Home > mailing lists

Re: [PATCH] Accept IP addresses in server certificate SANs - Mailing list pgsql-hackers

From	Daniel Gustafsson
Subject	Re: [PATCH] Accept IP addresses in server certificate SANs
Date	March 28, 2022 01:44:07
Msg-id	3F1A8748-DEF8-454C-B7ED-F536CCF7F115@yesql.se Whole thread Raw
In response to	Re: [PATCH] Accept IP addresses in server certificate SANs (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: [PATCH] Accept IP addresses in server certificate SANs
List	pgsql-hackers

Tree view

> On 27 Mar 2022, at 23:19, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> This may be caused by 9ca234bae or 4a7e964fc.

I'd say 4a7e964fc is the culprit here.  From a quick skim the the
switch_server_cert() calls need to be changed along the lines of:

  from: switch_server_cert($node, 'server-ip-in-dnsname');
    to: switch_server_cert($node, certfile => 'server-ip-in-dnsname');

There migth be more changes required, that was the one that stood out.  Unless
someone beats me to it I'll take a look at fixing up the test in this patch
tomorrow.

--
Daniel Gustafsson        https://vmware.com/

pgsql-hackers by date:

From: Peter Geoghegan
Date: 28 March 2022, 00:36:54
Subject: Re: Assert in pageinspect with NULL pages

From: Tom Lane
Date: 28 March 2022, 02:14:25
Subject: Re: SQL/JSON: functions

Re: [PATCH] Accept IP addresses in server certificate SANs - Mailing list pgsql-hackers

Previous

Next