Re: SSL cleanups/hostname verification - Mailing list pgsql-hackers

From Alex Hunsaker
Subject Re: SSL cleanups/hostname verification
Date
Msg-id 34d269d40811120805i16400cfck972b2aebac6eba44@mail.gmail.com
Whole thread Raw
In response to Re: SSL cleanups/hostname verification  (Magnus Hagander <magnus@hagander.net>)
Responses Re: SSL cleanups/hostname verification
List pgsql-hackers
OK  now that im using the right env var everything seems to work as
described.  FYI I also tried to exercise the various new error paths
and everything seems good so as far as i'm concerned this looks good
to me.  Ill go mark it as "ready for commiter" on the wiki.  (whatever
that means you being a commiter :) )

-----------
$ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=# \q

$ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=# \q

$ ./psql postgres -h 127.0.0.1
psql: server common name 'bahdushka' does not match hostname
'127.0.0.1'FATAL:  no pg_hba.conf entry for host "127.0.0.1", user
"alex", database "postgres", SSL off

$ PGHOSTADDR=127.0.0.1 ./psql postgres -h 127.0.0.1
psql: verified SSL connections are only supported when connecting to a
hostnameFATAL:  no pg_hba.conf entry for host "127.0.0.1", user
"alex", database "postgres", SSL off

$ rm ~/.postgresql/root.crt

$ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
psql (8.4devel)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=# \q

$ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
psql: root certificate file (/home/alex/.postgresql/root.crt) not found


pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: So what's an "empty" array anyway?
Next
From: Tom Lane
Date:
Subject: Re: libpq-events windows gotcha