| From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Date: | 2010-05-26 02:20:17 |
| Message-ID: | 4BFC8561.5000401@postnewspapers.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 26/05/10 10:16, Tom Lane wrote:
> Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> writes:
>> You are confusing these two unrelated phases of SSL negotiation.
>
> No, I don't think so.
http://www.cgisecurity.com/owasp/html/ch07s04.html
See in the second part, the new entry #5 "client request"
("CertificateRequest") ? That's the big Pg gets wrong at the moment.
It's not the same as #2 in that diagram, which is what #5245 talks about.
I'm going to send you a canned configuration to demonstrate this, along
with network traces from wireshark and a session log from the test app.
Give me an hour or so to put it together.
--
Craig Ringer
Tech-related writing: http://soapyfrogs.blogspot.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2010-05-26 02:25:13 | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Previous Message | Tom Lane | 2010-05-26 02:16:34 | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |