Skip site navigation (1) Skip section navigation (2)

Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Christopher Head <chris2k01(at)hotmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date: 2010-12-19 22:13:52
Message-ID: BLU0-SMTP1240E792CA8067630A64161F4180@phx.gbl (view raw or flat)
Thread:
Lists: pgsql-bugs
On Wed, 14 Jul 2010 18:35:55 -0400
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > Do the docs need any more updating?
> 
> No doubt, but it's a bit premature to consider that while we're still
> arguing whether the code needs to change more.
> 
> 			regards, tom lane
> 

Sorry to bother everyone, but AFAICT this discussion kind of
disappeared. Did I perhaps get dropped from CC? I'm interested to know
what the final resolution of this is.

My own thought would be:
"host" means the thing you intended to connect to: a unique identifier
for the server, probably (usually) the hostname, and also the thing
that goes in a certificate. Should (probably) never be omitted.

"hostaddr" means the thing you actually send your TCP SYN packet to:
maybe an IP address if you want to save a DNS lookup, maybe even
"localhost" if you want to use an SSH tunnel (or even some other
hostname if you have an even stranger tunnel set up), but purely a
"network-layer" thing about *how to get to* the server, and not a
"user-trust-layer" thing about *who the server is*. If omitted,
defaults to being equal to "host".

I don't know if that's what was intended, but that's what I thought
they would mean.

Chris

In response to

Responses

pgsql-bugs by date

Next:From: Leslie SatensteinDate: 2010-12-20 02:39:38
Subject: BUG #5795: 9.0.2 PDF needs editing
Previous:From: Tom LaneDate: 2010-12-19 20:34:47
Subject: Re: BUG #5794: 'explain' fails, but executing sql is ok.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group