Home > mailing lists

Re: implement subject alternative names support for SSL connections - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: implement subject alternative names support for SSL connections
Date	August 25, 2014 13:07:58
Msg-id	20140825100741.GB29875@awork2.anarazel.de Whole thread Raw
In response to	Re: implement subject alternative names support for SSL connections (Heikki Linnakangas <hlinnakangas@vmware.com>)
Responses	Re: implement subject alternative names support for SSL connections
List	pgsql-hackers

Tree view

On 2014-08-25 13:02:50 +0300, Heikki Linnakangas wrote:
> But actually, I wonder if we should delegate the whole hostname matching to
> OpenSSL? There's a function called X509_check_host for that, although it's
> new in OpenSSL 1.1.0 so we'd need to add a configure test for that and keep
> the current code to handle older versions.

Given that we're about to add support for other SSL implementations I'm
not sure that that's a good idea. IIRC there exist quite a bit of
different interpretations about what denotes a valid cert between the
libraries. Doesn't sound fun to me.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services

pgsql-hackers by date:

From: Heikki Linnakangas
Date: 25 August 2014, 13:03:12
Subject: Re: implement subject alternative names support for SSL connections

From: Heikki Linnakangas
Date: 25 August 2014, 13:33:23
Subject: Re: implement subject alternative names support for SSL connections

Re: implement subject alternative names support for SSL connections - Mailing list pgsql-hackers

Previous

Next