On 08/12/2014 02:28 PM, Andres Freund wrote:
> On 2014-08-12 14:01:18 +0300, Heikki Linnakangas wrote:
>> Also, to test sslmode=verify-full, where the client checks that the server
>> certificate's hostname matches the hostname that it connected to, you need
>> to have two aliases for the same server, one that matches the certificate
>> and one that doesn't. But I think I found a way around that part; if the
>> certificate is set up for "localhost", and connect to "127.0.0.1", you get a
>> mismatch.
>
> Alternatively, and to e.g. test wildcard certs and such, I think you can
> specify both host and hostaddr to connect to connect without actually
> doing a dns lookup.
Oh, I didn't know that's possible! Yeah, that's a good solution.
- Heikki