Re: [Patch] Log SSL certificate verification errors

From: Graham Leggett <minfrin(at)sharp(dot)fm>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [Patch] Log SSL certificate verification errors
Date: 2017-11-11 10:50:16
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On 11 Nov 2017, at 6:23 AM, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> wrote:

>> Currently neither the server side nor the client side SSL certificate verify callback does anything, leading to potential hair-tearing-out moments.
>> The following patch to master implements logging of all certificate verification failures, as well as (crucially) which certificates failed to verify, and at what depth, so the admin can zoom in straight onto the problem without any guessing.
> Could you attach as a file to this thread a patch that can be easily
> applied? Using git --format-patch or simply diff is just fine.

I’ve attached it as a separate attachment.

The default behaviour of patch is to ignore all lines before and after the patch, so you can use my entire email as an input to patch and it will work (This is what git format-patch does, create something that looks like an email).

> Here are also some community guidelines on the matter:
> And if you are looking for feedback, you should register it to the
> next commit fest:

I shall do!


Attachment Content-Type Size
postgresql-log-cert-verification.diff application/octet-stream 16.7 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2017-11-11 11:35:38 Re: GatherMerge misses to push target list
Previous Message Michael Paquier 2017-11-11 08:48:42 Re: [PATCH] A hook for session start