Skip site navigation (1) Skip section navigation (2)

Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date: 2010-07-14 16:02:18
Message-ID: 6811.1279123338@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Jul 14, 2010 at 00:09, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> "Christopher Head" <chris2k01(at)hotmail(dot)com> writes:
>>> ... Unfortunately, as per line 536 of the file
>>> fe-secure.c in the PostgreSQL sources, if hostaddr is specified, SSL full
>>> verification just plain fails without trying at all. I suspect this line
>>> should be "if (!conn->pghost)" instead of "if (conn->pghostaddr)".
>> 
>> That's really a definitional change, but it seems like a reasonable one
>> to me. Magnus, what do you think?

> Yeah, I think it is, but I haven't had the time to look into the code
> yet to see if I agree with the fix as well. Hope to get there soon.

The test actually needs to check for pghost being nonempty, I think,
but otherwise it seems straightforward.  Will apply.

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2010-07-14 16:29:32
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Previous:From: Magnus HaganderDate: 2010-07-14 07:02:12
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group