| From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)2ndquadrant(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL regression test suite |
| Date: | 2014-08-12 12:53:44 |
| Message-ID: | 53EA0E58.90405@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 08/12/2014 02:28 PM, Andres Freund wrote:
> On 2014-08-12 14:01:18 +0300, Heikki Linnakangas wrote:
>> Also, to test sslmode=verify-full, where the client checks that the server
>> certificate's hostname matches the hostname that it connected to, you need
>> to have two aliases for the same server, one that matches the certificate
>> and one that doesn't. But I think I found a way around that part; if the
>> certificate is set up for "localhost", and connect to "127.0.0.1", you get a
>> mismatch.
>
> Alternatively, and to e.g. test wildcard certs and such, I think you can
> specify both host and hostaddr to connect to connect without actually
> doing a dns lookup.
Oh, I didn't know that's possible! Yeah, that's a good solution.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2014-08-12 12:58:13 | Re: 9.5: Memory-bounded HashAgg |
| Previous Message | Marti Raudsepp | 2014-08-12 12:41:44 | Re: jsonb format is pessimal for toast compression |