diff options
| author | Peter Eisentraut <peter@eisentraut.org> | 2021-02-18 07:59:10 +0100 |
|---|---|---|
| committer | Peter Eisentraut <peter@eisentraut.org> | 2021-02-18 07:59:10 +0100 |
| commit | f5465fade90827534fbd0b795d18dc62e56939e9 (patch) | |
| tree | 71a2cc9b6804e78c2b2911f1c7426d096c9ca7af /src/interfaces/libpq/libpq-int.h | |
| parent | 128dd901a5c87e11c6a8cbe227a806cdc3afd10d (diff) | |
| download | postgresql-f5465fade90827534fbd0b795d18dc62e56939e9.tar.gz postgresql-f5465fade90827534fbd0b795d18dc62e56939e9.zip | |
Allow specifying CRL directory
Add another method to specify CRLs, hashed directory method, for both
server and client side. This offers a means for server or libpq to
load only CRLs that are required to verify a certificate. The CRL
directory is specifed by separate GUC variables or connection options
ssl_crl_dir and sslcrldir, alongside the existing ssl_crl_file and
sslcrl, so both methods can be used at the same time.
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/20200731.173911.904649928639357911.horikyota.ntt@gmail.com
Diffstat (limited to 'src/interfaces/libpq/libpq-int.h')
| -rw-r--r-- | src/interfaces/libpq/libpq-int.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 4db498369c7..ce36aabd25a 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -362,6 +362,7 @@ struct pg_conn char *sslpassword; /* client key file password */ char *sslrootcert; /* root certificate filename */ char *sslcrl; /* certificate revocation list filename */ + char *sslcrldir; /* certificate revocation list directory name */ char *requirepeer; /* required peer credentials for local sockets */ char *gssencmode; /* GSS mode (require,prefer,disable) */ char *krbsrvname; /* Kerberos service name */ |