Home > mailing lists

Re: Fix error handling in be_tls_open_server() - Mailing list pgsql-hackers

From	Sergey Shinderuk
Subject	Re: Fix error handling in be_tls_open_server()
Date	August 28, 2023 20:39:07
Msg-id	0e4d5421-cf10-d400-bc36-6fd31611db5b@postgrespro.ru Whole thread Raw
In response to	Re: Fix error handling in be_tls_open_server() (Jacob Champion <jchampion@timescale.com>)
Responses	Re: Fix error handling in be_tls_open_server()
List	pgsql-hackers

Tree view

On 28.08.2023 18:12, Jacob Champion wrote:
> On Thu, Aug 24, 2023 at 6:25 PM Michael Paquier <michael@paquier.xyz> wrote:
>> LD_PRELOAD is the only thing I can think about, but that's very fancy.
>> Even with that, having a certificate with a NULL peer_cn could prove
>> to be useful in the SSL suite to stress more patterns around it?
> 
> +1. Last we tried it, OpenSSL didn't want to create a certificate with
> an embedded null, but maybe things have changed?
> 

To embed a null byte into the Subject, I first generated a regular 
certificate request in the DER (binary) format, then manually inserted 
null into the file and recomputed the checksum. Like this:
https://security.stackexchange.com/a/58845

I'll try to add a client certificate lacking a CN to the SSL test suite.

-- 
Sergey Shinderuk        https://postgrespro.com/

pgsql-hackers by date:

From: Jelte Fennema
Date: 28 August 2023, 19:51:02
Subject: Re: Support prepared statement invalidation when result types change

From: "Jonathan S. Katz"
Date: 28 August 2023, 20:51:18
Subject: PostgreSQL 16 RC1 release announcement draft

Re: Fix error handling in be_tls_open_server() - Mailing list pgsql-hackers

Previous

Next