Re: Re: [COMMITTERS] pgsql: Add support for matching wildcard server certificates to the new - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Re: [COMMITTERS] pgsql: Add support for matching wildcard server certificates to the new
Date
Msg-id 200811242330.14711.peter_e@gmx.net
In response to Re: Re: [COMMITTERS] pgsql: Add support for matching wildcard server certificates to the new  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Re: [COMMITTERS] pgsql: Add support for matching wildcard server certificates to the new
List pgsql-hackers
I wrote:
> Some more information on this:
> https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf
> slide 5 lists the matching rules for email, HTTP, and LDAP over TLS,
> respectively, which are not all the same.  Also note that these methods
> have rules for interpreting fields in the certificate other than the common
> name for the host name.
>
> I think it is safest and easiest to allow a * wildcard only as the first
> character and only when followed immediately by a dot.
>
> Maybe some DNS expert around here can offer advice on what a morally sound
> solution would be.

This page summarizes the sadness pretty well:

http://wiki.cacert.org/wiki/WildcardCertificates
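The matching rule proposed in the quoted message (a `*` only as the first character, and only when followed immediately by a dot) as a worked example in C, the language of libpq. This is an added illustration, not code from the message or from PostgreSQL; the function name `match_cert_hostname` is made up, and the restriction that the wildcard covers exactly one DNS label is an assumption of this example, not something the message states.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Case-insensitive equality of two NUL-terminated ASCII strings. */
static bool
ascii_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char) *a) != tolower((unsigned char) *b))
            return false;
    return *a == '\0' && *b == '\0';
}

/*
 * Return true if the certificate name `pattern` matches `hostname`.
 *
 * Rule from the message: a '*' is accepted only as the first character
 * and only when the second character is '.'. A '*' anywhere else makes
 * the pattern invalid, so it never matches (rather than being taken
 * literally).
 *
 * Assumption added here (not in the message): the wildcard stands for
 * exactly one non-empty DNS label, so "*.example.com" matches
 * "host.example.com" but neither "a.b.example.com" nor "example.com".
 */
bool
match_cert_hostname(const char *pattern, const char *hostname)
{
    if (pattern == NULL || hostname == NULL ||
        *pattern == '\0' || *hostname == '\0')
        return false;

    if (pattern[0] == '*')
    {
        const char *suffix = pattern + 1;   /* must start with '.' */
        const char *dot;
        size_t      hlen, slen;

        if (suffix[0] != '.' || suffix[1] == '\0')
            return false;                   /* "*", "*foo" rejected */
        if (strchr(suffix, '*') != NULL)
            return false;                   /* only one wildcard allowed */

        /* The wildcard must cover a non-empty leading label. */
        dot = strchr(hostname, '.');
        if (dot == NULL || dot == hostname)
            return false;

        hlen = strlen(hostname);
        slen = strlen(suffix);
        if (hlen <= slen)
            return false;
        /* The suffix must line up with the hostname's first dot. */
        if ((size_t) (dot - hostname) != hlen - slen)
            return false;
        return ascii_ieq(dot, suffix);
    }

    /* No leading wildcard: any '*' elsewhere invalidates the pattern. */
    if (strchr(pattern, '*') != NULL)
        return false;

    return ascii_ieq(pattern, hostname);
}
```

Note that the rule as stated still accepts a name like `*.com`, which under this matcher would match every `.com` host; the matcher cannot tell a public suffix from a private domain, so preventing such names is up to the issuing CA's policy, which is part of the sadness the linked wiki page describes.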

