Re: [Patch] Log SSL certificate verification errors

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Graham Leggett <minfrin(at)sharp(dot)fm>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [Patch] Log SSL certificate verification errors
Date: 2017-11-13 09:07:39
Message-ID: 1510564059.2835.8.camel@cybertec.at
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Graham Leggett wrote:
> Currently neither the server side nor the client side SSL certificate verify
> callback does anything, leading to potential hair-tearing-out moments.
>
> The following patch to master implements logging of all certificate
> verification failures, as well as (crucially) which certificates failed to verify,
> and at what depth, so the admin can zoom in straight onto the problem without any guessing.

+1 for the idea.

I have been in this situation before, and any information that helps to
clarify what the problem is would be a great help.

Yours,
Laurenz Albe

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jonathan Jacobson 2017-11-13 09:14:01 Re: 10beta1 sequence regression failure on sparc64
Previous Message Konstantin Knizhnik 2017-11-13 08:41:34 Re: Partition-wise aggregation/grouping