Skip site navigation (1) Skip section navigation (2)

Re: SSL cleanups/hostname verification

From: "Alex Hunsaker" <badalex(at)gmail(dot)com>
To: "Magnus Hagander" <magnus(at)hagander(dot)net>
Cc: "PG Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL cleanups/hostname verification
Date: 2008-11-12 16:05:26
Message-ID: 34d269d40811120805i16400cfck972b2aebac6eba44@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
OK  now that im using the right env var everything seems to work as
described.  FYI I also tried to exercise the various new error paths
and everything seems good so as far as i'm concerned this looks good
to me.  Ill go mark it as "ready for commiter" on the wiki.  (whatever
that means you being a commiter :) )

-----------
$ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=# \q

$ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=# \q

$ ./psql postgres -h 127.0.0.1
psql: server common name 'bahdushka' does not match hostname
'127.0.0.1'FATAL:  no pg_hba.conf entry for host "127.0.0.1", user
"alex", database "postgres", SSL off

$ PGHOSTADDR=127.0.0.1 ./psql postgres -h 127.0.0.1
psql: verified SSL connections are only supported when connecting to a
hostnameFATAL:  no pg_hba.conf entry for host "127.0.0.1", user
"alex", database "postgres", SSL off

$ rm ~/.postgresql/root.crt

$ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=# \q

$ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
psql: root certificate file (/home/alex/.postgresql/root.crt) not found

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2008-11-12 16:21:35
Subject: Re: libpq-events windows gotcha
Previous:From: Peter EisentrautDate: 2008-11-12 15:58:48
Subject: Re: So what's an "empty" array anyway?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group