| From: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] LDAPS |
| Date: | 2018-01-02 19:56:12 |
| Message-ID: | CAEepm=2ZeWQXLaa_7i08PHBmEhi-ys7WEke3qGN=M_nMiH8P=w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jan 3, 2018 at 5:31 AM, Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 12/26/17 15:53, Peter Eisentraut wrote:
>> This patch looks reasonable to me. I have also seen occasional requests
>> for this in the field.
>>
>> If someone could test this on Windows, I think we could move ahead with it.
Thanks for looking at this.
> A small point on the test changes. You change the test under
> "diagnostic message", but I'm not sure why. Do the changes invalidate
> the existing test?
Yeah. In master, I was relying on the server rejecting ldaptls=1
requests due to lack of configured certificate in order to generate a
diagnostic message. Now that there is a certificate, I needed to find
another way to get requests rejected with a diagnostic message. I
have added a brief note to the commit message about this.
> We should probably also add another "note" call to introduce the LDAPS
> tests section.
I realised that I should probably also include a new test for
ldaptls=1, so that we can see that both ways of doing TLS are working.
I added that test, and added a "note" to label the whole section as
"TLS". Please see attached.
--
Thomas Munro
http://www.enterprisedb.com
| Attachment | Content-Type | Size |
|---|---|---|
| ldaps-v4.patch | application/octet-stream | 13.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2018-01-02 20:39:09 | Re: [HACKERS] SQL/JSON in PostgreSQL |
| Previous Message | Stephen Frost | 2018-01-02 19:52:33 | Re: TODO list (was Re: Contributing with code) |