Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Jul 14, 2010 at 00:09, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> "Christopher Head" <chris2k01(at)hotmail(dot)com> writes:
>>> ... Unfortunately, as per line 536 of the file
>>> fe-secure.c in the PostgreSQL sources, if hostaddr is specified, SSL full
>>> verification just plain fails without trying at all. I suspect this line
>>> should be "if (!conn->pghost)" instead of "if (conn->pghostaddr)".
>> That's really a definitional change, but it seems like a reasonable one
>> to me. Magnus, what do you think?
> Yeah, I think it is, but I haven't had the time to look into the code
> yet to see if I agree with the fix as well. Hope to get there soon.
The test actually needs to check for pghost being nonempty, I think,
but otherwise it seems straightforward. Will apply.
regards, tom lane
In response to
pgsql-bugs by date
|Next:||From: Tom Lane||Date: 2010-07-14 16:29:32|
|Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided |
|Previous:||From: Magnus Hagander||Date: 2010-07-14 07:02:12|
|Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided|