Re: SSL cleanups/hostname verification

On 12 nov 2008, at 05.28, "Alex Hunsaker" <badalex(at)gmail(dot)com> wrote:

> On Tue, Nov 11, 2008 at 06:16, Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
>> Alex Hunsaker wrote:
>>> On Mon, Oct 20, 2008 at 05:50, Magnus Hagander
>>> <magnus(at)hagander(dot)net> wrote:
>>
>>> $ SSLVERIFY=cn ./psql junk -h 192.168.0.2
>>> psql: server common name 'bahdushka' does not match hostname
>>> '192.168.0.2'FATAL: no pg_hba.conf entry for host "192.168.0.2",
>>> user
>>> "alex", database "junk", SSL off
>>
>> It needs to be PGSSLVERIFY if it's an environment variable.
>> sslverify is
>> the connection parameter.
>
> Doh! Will go retry just as soon as I find a boot big enough to kick
> myself with.

:)

>
>> RI think that's confusing your tests all the way through :(
>>
>> Also, I'd recommend running the server with a log on a different
>> console
>> or to a file so you don't get client and server error messages
>> mixed up.
>
> Well it was on a different console, I just put them into the same view
> to show that I was actually restarting postgres when I changed the ssl
> keys :)

Heh, ok.

>>> $ SSLVERIFY=none ./psql junk -h bahdushka
>>> psql: root certificate file (/home/alex/.postgresql/root.crt)
>>
>> Is that really the whole error message, or was it cut off? Because
>> if it
>> is, then that is certainly a bug!
>
> Err it said psql: root certificate file
> (/home/alex/.postgresql/root.crt) not found

Ok, good, then it's not broken.

/Magnus

>>