| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #5559: Full SSL verification fails when hostaddr provided |
| Date: | 2010-07-14 21:50:20 |
| Message-ID: | 20100714215020.GR21875@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Uh, no, because hostaddr is (required to be) a numeric IP. The odds of
> it being useful in this context seem negligible.
Perhaps I was being a bit overzealous in my last response, sorry about
that. If the point here is that people who are using hostaddr are in an
environment where DNS is non-functional or actively broken, then yes,
just bombing out would probably be fine. I think the issue I have here
is that if you've gone to the trouble to set things up on the
server-side to a point where it asks the client to do Kerberos (which, I
think, must be the case if we've gotten to this point in the code), and
for some reason the client has decided to use hostaddr instead of host
(perhaps some client-side code saw a dotted-quad and thought "oh, you
must want to use hostaddr instead of host"), it shouldn't break without
a real reason.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-07-14 21:58:04 | Re: BUG #5559: Full SSL verification fails when hostaddr provided |
| Previous Message | Stephen Frost | 2010-07-14 21:44:03 | Re: BUG #5559: Full SSL verification fails when hostaddr provided |