
Re: SSL cleanups/hostname verification

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Alex Hunsaker <badalex(at)gmail(dot)com>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL cleanups/hostname verification
Date: 2008-11-11 13:16:33
Message-ID: 491985B1.3090300@hagander.net
Lists: pgsql-hackers
Alex Hunsaker wrote:
> On Mon, Oct 20, 2008 at 05:50, Magnus Hagander <magnus(at)hagander(dot)net> wrote:

> $ SSLVERIFY=cn ./psql junk -h 192.168.0.2
> psql: server common name 'bahdushka' does not match hostname
> '192.168.0.2'FATAL:  no pg_hba.conf entry for host "192.168.0.2", user
> "alex", database "junk", SSL off

It needs to be PGSSLVERIFY if it's an environment variable. sslverify is
the connection parameter.

I think that's confusing your tests all the way through :(

Also, I'd recommend running the server with a log on a different console
or to a file so you don't get client and server error messages mixed up.


> $ SSLVERIFY=none ./psql junk -h bahdushka
> psql: root certificate file (/home/alex/.postgresql/root.crt)

Is that really the whole error message, or was it cut off? Because if it
is, then that is certainly a bug!


> But other than that looks good other than the promised documentation
> and the mem leak Tom Lane noted. (unless I missed an updated patch?)

I think you did, because there are certainly docs in the last one I sent
:-) But here's the very latest-and-greatest - I changed the cn matching
to be case insensitive per offlist comment from Dan Kaminsky, and an
internal return type to bool instead of int.

//Magnus

Attachment: libpq_ssl.diff
Description: text/x-diff (15.0 KB)
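
An added example, not code from the attached patch or from libpq: a case-insensitive comparison of a certificate common name against the requested host, returning bool, using the two names from the quoted session as constructed inputs. The function name `cn_matches_host`, the explicit `cn_len` argument and the ASCII-only case folding are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lower-case ASCII letters only, so the result never depends on the
 * process locale the way tolower()/strcasecmp() can. */
static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char) (c + ('a' - 'A')) : c;
}

/*
 * Hypothetical helper: true only if the common name equals the host
 * name, ignoring ASCII case. cn_len is the length reported by the
 * certificate parser; requiring it to equal strlen(host) means a CN
 * with an embedded NUL byte cannot pass as a shorter name.
 */
bool cn_matches_host(const char *cn, size_t cn_len, const char *host)
{
    size_t i;

    if (cn == NULL || host == NULL || cn_len == 0)
        return false;
    if (cn_len != strlen(host))
        return false;
    for (i = 0; i < cn_len; i++)
        if (ascii_lower((unsigned char) cn[i]) !=
            ascii_lower((unsigned char) host[i]))
            return false;
    return true;
}

int main(void)
{
    /* Constructed inputs; the names are the ones in the quoted session. */
    printf("%d\n", cn_matches_host("bahdushka", 9, "BAHDUSHKA"));   /* 1 */
    printf("%d\n", cn_matches_host("bahdushka", 9, "192.168.0.2")); /* 0 */
    return 0;
}
```

Connecting by IP address fails the check against a certificate whose common name is a host name, which is the mismatch reported in the first quoted command.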
