| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Jacob Champion <jchampion(at)timescale(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Subject: | Re: [PoC] Let libpq reject unexpected authentication requests |
| Date: | 2023-03-24 05:18:02 |
| Message-ID: | ZB0yitjRNWE9Aimc@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 23, 2023 at 03:40:55PM -0700, Jacob Champion wrote:
> On Tue, Mar 21, 2023 at 11:01 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>> contrib/sslinfo/ has ssl_client_cert_present(), that we could use in
>> the tests to make sure that the client has actually sent a
>> certificate? How about adding some of these tests to 003_sslinfo.pl
>> for the "allow" and "require" cases?
>
> Added; see what you think.
That's a pretty good test design, covering all 4 cases. Nice.
>> freePGconn() is missing a free(sslcertmode).
>
> Argh, I keep forgetting that. Fixed, thanks!
I have spent a couple of hours looking at the whole again today,
testing that with OpenSSL to make sure that everything was OK. Apart
from a few tweaks, that seemed pretty good. So, applied.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2023-03-24 05:21:03 | Re: Should vacuum process config file reload more often |
| Previous Message | Yugo NAGATA | 2023-03-24 05:15:41 | Re: psql \watch 2nd argument: iteration count |