Skip site navigation (1) Skip section navigation (2)

Re: no verification of client certificate?

From: Michael Fuhr <mike(at)fuhr(dot)org>
To: Ray Stell <stellr(at)cns(dot)vt(dot)edu>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin(at)postgresql(dot)org
Subject: Re: no verification of client certificate?
Date: 2007-03-26 14:00:04
Message-ID: 20070326140004.GA9109@winnie.fuhr.org (view raw or flat)
Thread:
Lists: pgsql-adminpgsql-docs
On Mon, Mar 26, 2007 at 09:35:33AM -0400, Ray Stell wrote:
> Knowing how Michael traced the connection with ssldump would be
> VERY helpful.

The simple way is to run ssldump in one shell while running psql
in another:

ssldump -q port 5482    # my 8.2.3 db listens on port 5482

If I want to do more analysis I usually save the connection with
tcpdump first:

tcpdump -s0 -w dumpfile port 5482

The -s0 option is important: it tells tcpdump to capture the entire
packet.

When I'm done with psql I stop tcpdump and run ssldump over the dumpfile:

ssldump -r dumpfile -q

-- 
Michael Fuhr

In response to

pgsql-docs by date

Next:From: Bruce MomjianDate: 2007-03-30 03:44:58
Subject: Re: [ADMIN] no verification of client certificate?
Previous:From: Michael FuhrDate: 2007-03-26 13:42:53
Subject: Re: no verification of client certificate?

pgsql-admin by date

Next:From: Laszlo NagyDate: 2007-03-26 17:17:43
Subject: autovacuum question
Previous:From: Daniel Ricardo MedinaDate: 2007-03-26 13:58:00
Subject: Re: URGENT TABLE PG_SHADOW CORRUTEP

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group