From: | "Alex Hunsaker" <badalex(at)gmail(dot)com> |
---|---|
To: | "Magnus Hagander" <magnus(at)hagander(dot)net> |
Cc: | "PG Hackers" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SSL cleanups/hostname verification |
Date: | 2008-11-12 04:28:57 |
Message-ID: | 34d269d40811112028v1a02c756n26249d7a177fc960@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Nov 11, 2008 at 06:16, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> Alex Hunsaker wrote:
>> On Mon, Oct 20, 2008 at 05:50, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>
>> $ SSLVERIFY=cn ./psql junk -h 192.168.0.2
>> psql: server common name 'bahdushka' does not match hostname
>> '192.168.0.2'FATAL: no pg_hba.conf entry for host "192.168.0.2", user
>> "alex", database "junk", SSL off
>
> It needs to be PGSSLVERIFY if it's an environment variable. sslverify is
> the connection parameter.
Doh! Will go retry just as soon as I find a boot big enough to kick myself with.
> I think that's confusing your tests all the way through :(
>
> Also, I'd recommend running the server with a log on a different console
> or to a file so you don't get client and server error messages mixed up.
Well it was on a different console, I just put them into the same view
to show that I was actually restarting postgres when I changed the ssl
keys :)
>> $ SSLVERIFY=none ./psql junk -h bahdushka
>> psql: root certificate file (/home/alex/.postgresql/root.crt)
>
> Is that really the whole error message, or was it cut off? Because if it
> is, then that is certainly a bug!
Err it said psql: root certificate file
(/home/alex/.postgresql/root.crt) not found
>> But other than that looks good other than the promised documentation
>> and the mem leak Tom Lane noted. (unless I missed an updated patch?)
>
> I think you did, because there is certainly docs in the last one I sent
> :-) But here's the very latest-and-greatest - I changed the cn matching
> to be case insensitive per offlist comment from Dan Kaminsky, and an
> internal return type to bool instead of int.
Thanks
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2008-11-12 04:36:34 | Re: Meaning of transaction pg_locks? |
Previous Message | Robert Haas | 2008-11-12 04:06:08 | Re: WIP: Automatic view update rules |