| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] LDAPS |
| Date: | 2018-01-03 15:34:12 |
| Message-ID: | a238a915-09dc-a0d7-0334-c270f082b213@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 1/2/18 14:56, Thomas Munro wrote:
>> A small point on the test changes. You change the test under
>> "diagnostic message", but I'm not sure why. Do the changes invalidate
>> the existing test?
>
> Yeah. In master, I was relying on the server rejecting ldaptls=1
> requests due to lack of configured certificate in order to generate a
> diagnostic message. Now that there is a certificate, I needed to find
> another way to get requests rejected with a diagnostic message. I
> have added a brief note to the commit message about this.
>
>> We should probably also add another "note" call to introduce the LDAPS
>> tests section.
>
> I realised that I should probably also include a new test for
> ldaptls=1, so that we can see that both ways of doing TLS are working.
> I added that test, and added a "note" to label the whole section as
> "TLS". Please see attached.
Committed.
I added a test case for combining LDAPS with StartTLS. The OpenLDAP
library sensibly rejects that, so we don't need to do anything ourselves
to prevent that.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2018-01-03 15:36:57 | Re: TODO list (was Re: Contributing with code) |
| Previous Message | Robert Haas | 2018-01-03 15:25:20 | Re: Package version in PG_VERSION and version() |