Re: [PATCH] Accept IP addresses in server certificate SANs

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Jacob Champion <pchampion(at)vmware(dot)com>, "horikyota(dot)ntt(at)gmail(dot)com" <horikyota(dot)ntt(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] Accept IP addresses in server certificate SANs
Date: 2022-03-27 22:44:07
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

> On 27 Mar 2022, at 23:19, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> This may be caused by 9ca234bae or 4a7e964fc.

I'd say 4a7e964fc is the culprit here. From a quick skim the the
switch_server_cert() calls need to be changed along the lines of:

from: switch_server_cert($node, 'server-ip-in-dnsname');
to: switch_server_cert($node, certfile => 'server-ip-in-dnsname');

There migth be more changes required, that was the one that stood out. Unless
someone beats me to it I'll take a look at fixing up the test in this patch

Daniel Gustafsson

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2022-03-27 23:14:25 Re: SQL/JSON: functions
Previous Message Peter Geoghegan 2022-03-27 21:36:54 Re: Assert in pageinspect with NULL pages