Home > mailing lists

Re: BUG #5559: Full SSL verification fails when hostaddr provided - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date	July 14, 2010 16:29:42
Msg-id	7342.1279124972@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #5559: Full SSL verification fails when hostaddr provided (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #5559: Full SSL verification fails when hostaddr provided (Stephen Frost <sfrost@snowman.net>)
List	pgsql-bugs

Tree view

... btw, the libpq documentation claims that

    If hostaddr is specified without host, the value for hostaddr
    gives the remote address. When Kerberos is used, a reverse name
    query occurs to obtain the host name for Kerberos.

but so far as I can see this is flat wrong.  pg_krb5_sendauth throws
an error if you didn't provide a host name, and so do the other places
in fe-auth.c that need the host name.  What we're about to do to SSL
verification will match that.  So I think the docs need a fix here.

            regards, tom lane

pgsql-bugs by date:

From: Tom Lane
Date: 14 July 2010, 16:02:28
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Stephen Frost
Date: 14 July 2010, 17:39:51
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided

Re: BUG #5559: Full SSL verification fails when hostaddr provided - Mailing list pgsql-bugs

Previous

Next