| From: | "Alex Hunsaker" <badalex(at)gmail(dot)com> |
|---|---|
| To: | "Magnus Hagander" <magnus(at)hagander(dot)net> |
| Cc: | "PG Hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-11-12 16:05:26 |
| Message-ID: | 34d269d40811120805i16400cfck972b2aebac6eba44@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
OK now that im using the right env var everything seems to work as
described. FYI I also tried to exercise the various new error paths
and everything seems good so as far as i'm concerned this looks good
to me. Ill go mark it as "ready for commiter" on the wiki. (whatever
that means you being a commiter :) )
-----------
$ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
postgres=# \q
$ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
postgres=# \q
$ ./psql postgres -h 127.0.0.1
psql: server common name 'bahdushka' does not match hostname
'127.0.0.1'FATAL: no pg_hba.conf entry for host "127.0.0.1", user
"alex", database "postgres", SSL off
$ PGHOSTADDR=127.0.0.1 ./psql postgres -h 127.0.0.1
psql: verified SSL connections are only supported when connecting to a
hostnameFATAL: no pg_hba.conf entry for host "127.0.0.1", user
"alex", database "postgres", SSL off
$ rm ~/.postgresql/root.crt
$ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
postgres=# \q
$ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
psql: root certificate file (/home/alex/.postgresql/root.crt) not found
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-11-12 16:21:35 | Re: libpq-events windows gotcha |
| Previous Message | Peter Eisentraut | 2008-11-12 15:58:48 | Re: So what's an "empty" array anyway? |