From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Andreas Karlsson <andreas(at)proxel(dot)se>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Broken SSL tests in master |
Date: | 2016-12-01 21:42:00 |
Message-ID: | CAB7nPqQ4mvmBLAhtCLZFaGR6Ese1zKLwEdrai9OCG5_JejpLLQ@mail.gmail.com |
Lists: | pgsql-hackers |
On Fri, Dec 2, 2016 at 5:17 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Thu, Nov 24, 2016 at 4:38 PM, Andreas Karlsson <andreas(at)proxel(dot)se> wrote:
>> As you can see, after the patch libpq will now look at hostaddr rather than
>> host when validating the server certificate because that is what is stored
>> in the first (and only) entry of conn->connhost, and therefore what PQhost()
>> returns.
>>
>> To me it feels like the proper fix would be to make PQHost() return the
>> value of the host parameter rather than the hostaddr (maybe add a new field
>> in the pg_conn_host struct). But that would be a behaviour change which might
>> break someone's application. Thoughts?
>
> I think that the blame here is on the original commit,
> 274bb2b3857cc987cfa21d14775cae9b0dababa5, which inadvertently changed
> the behavior of PQhost. Prior to that commit, even if "hostaddr" was
> used, PQhost would still return whatever value was associated with the
> "host" parameter, but now it ignores "host" and returns "hostaddr"
> instead. That's busted. I've pushed a trivial fix, and the SSL tests
> now pass for me.
+ if (conn->connhost != NULL &&
+ conn->connhost[conn->whichhost].type != CHT_HOST_ADDRESS)
return conn->connhost[conn->whichhost].host
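
Review bot: the added `type != CHT_HOST_ADDRESS` condition has no comment saying why address-type entries are skipped, and the value returned for them is outside the quoted lines. The thread states that libpq validates the server certificate against what PQhost() returns, so a short comment above the condition saying that a hostaddr entry must not be handed back as the host name would make the intent checkable. A regression test that sets both host and hostaddr with SSL verification enabled would pin the behaviour down.
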
I think that's still incorrect. If a connection string defines a
comma-separated list of hosts, and hostaddr is defined as well,
PQhost() would return the comma-separated list, not the IP of the host
it is connected to. Am I reading that incorrectly?
--
Michael