Home > mailing lists

Re: DH_check return value test correct? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: DH_check return value test correct?
Date	May 12, 2006 22:40:05
Msg-id	24012.1147473584@sss.pgh.pa.us Whole thread Raw
In response to	DH_check return value test correct? (Michael Fuhr <mike@fuhr.org>)
Responses	Re: DH_check return value test correct?
List	pgsql-hackers

Tree view

Michael Fuhr <mike@fuhr.org> writes:
> Isn't that the wrong test for DH_check's return value?

Yeah, sure looks that way, doesn't it?

> If $PGDATA/dh1024.pem exists and if SSL connections are enabled,
> then each SSL connection logs the following:
>   DH_check error (dh1024.pem): No SSL error reported
> The backend then loads the hardcoded parameters.  The SSL connection
> works, but with DH parameters other than intended.

So it's not that surprising that no one noticed it was broken :-(
        regards, tom lane

pgsql-hackers by date:

From: Albert Cervera Areny
Date: 12 May 2006, 22:36:16
Subject: Re: Inheritance, Primary Keys and Foreign Keys

From: Tom Lane
Date: 12 May 2006, 22:52:30
Subject: Re: audit table containing Select statements submitted

Re: DH_check return value test correct? - Mailing list pgsql-hackers

Previous

Next