Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
Date: 2010-05-26 02:10:25
Message-ID: 4BFC8311.3090104@postnewspapers.com.au
Lists: pgsql-bugs
On 26/05/10 09:59, Craig Ringer wrote:
> On 26/05/10 09:35, Tom Lane wrote:
> 
>> I am now of the opinion that bug #5245 is in fact an exact dup of
>> bug #5468.  The previous reporter was jumping to conclusions about what
>> his problem was: it was not that the server didn't send the full cert
>> chain, but that Java couldn't do the right thing without having the list
>> of cert names.
> 
> No, they ARE NOT the same thing.
> 
> #5468 is about *CLIENT* *CERTIFICATE* *AUTHENTICATION* where the
>     *SERVER* VALIDATES THE *CLIENT* after the server sends a
>     ServerHello.
> 
> #5245 is about *CLIENT* *VALIDATION* *OF* *THE* *SERVER*, where the
>     *CLIENT* VALIDATES THE *SERVER* after the server sends a
>     CertificateRequest.

Argh, now I'm getting MYSELF backwards. Correction:

#5468 is about *CLIENT* *CERTIFICATE* *AUTHENTICATION* where the
    *SERVER* VALIDATES THE *CLIENT* after the server sends a
    *CertificateRequest*.       <-- Was reversed above

#5245 is about *CLIENT* *VALIDATION* *OF* *THE* *SERVER*, where the
    *CLIENT* VALIDATES THE *SERVER* after the server sends a
    *ServerHello*.              <-- Was reversed above




-- 
Craig Ringer

Tech-related writing: http://soapyfrogs.blogspot.com/
