Home > mailing lists

Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request - Mailing list pgsql-bugs

From	Craig Ringer
Subject	Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
Date	May 26, 2010 02:22:40
Msg-id	4BFC8561.5000401@postnewspapers.com.au Whole thread Raw
In response to	Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

On 26/05/10 10:16, Tom Lane wrote:
> Craig Ringer <craig@postnewspapers.com.au> writes:
>> You are confusing these two unrelated phases of SSL negotiation.
>
> No, I don't think so.

http://www.cgisecurity.com/owasp/html/ch07s04.html

See in the second part, the new entry #5 "client request"
("CertificateRequest") ? That's the big Pg gets wrong at the moment.

It's not the same as #2 in that diagram, which is what #5245 talks about.

I'm going to send you a canned configuration to demonstrate this, along
with network traces from wireshark and a session log from the test app.
Give me an hour or so to put it together.

--
Craig Ringer

Tech-related writing: http://soapyfrogs.blogspot.com/

pgsql-bugs by date:

From: Tom Lane
Date: 26 May 2010, 02:16:44
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request

From: Stephen Frost
Date: 26 May 2010, 02:25:22
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request

Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request - Mailing list pgsql-bugs

Previous

Next