Re: [TESTERS] Location of certs -Windows 7 SSL mode? - Mailing list pgsql-bugs

From Magnus Hagander
Subject Re: [TESTERS] Location of certs -Windows 7 SSL mode?
Date
Msg-id AANLkTikw6zjXSHP5KhtwN_xv1EkMosTRlMBUBlYpHNxl@mail.gmail.com
Whole thread Raw
In response to Re: [TESTERS] Location of certs -Windows 7 SSL mode?  (Lou Picciano <loupicciano@comcast.net>)
List pgsql-bugs
On Wed, Jul 7, 2010 at 16:28, Lou Picciano <loupicciano@comcast.net> wrote:
> Magnus,
> Tks for your response.
>> What is your connection string? Are you specifying the cert file there as
>> well?
> Well, no.  Specifically, the exercise was to determine default locations of
> certs on Windows 7, as inferred from - the expected - error message from the
> PG client.  In this case, the client was pgAdmin.  (Is pgAdmin not a valid
> 'default' test?)

Ah, ok.
pgAdmin should be a valid test. Though in general, it's always
appreciated if you can try to reproduce the issue using psql. It
*could* be a bug in pgAdmin - in which case that also has to be fixed
of course, but it's a good way to narrow down where it is.


>> The code itself should actually "never" do this - it specifically checks
>> if the file doesn't exist, and should *not* show that error..
>> It should fail much later, when the server actually requests the cert..
> Oh?  I didn't realize this.  In fact, past experience has been consistent
> with my findings; that pqlib will hiccup quickly if it cannot find a cert,
> and that this error message would appear before ever presenting that
> (non-)cert to the server.  If a cert is found, on the other hand, error
> messages would be different, assuming it's an invalid cert in the context of
> pg_hba.cconf.

If there is no cert, and the server doesn't request one, it's not an
error, and shouldn't be. Non-existant cert should only be an error if
the server requires one, and that should AFAICS give a different error
message.

>> Can you try specifying an explicit file say directly in c:\, just to see
>> if that works?
> Presumably you're proposing an environment variable approach?  Sure, please
> propose an exact test, and we'll perform.  (No one else here is using certs
> under Windows 7?)

Either environment variable or connection string parameter. See
http://www.postgresql.org/docs/9.0/static/libpq-connect.html, for the
parameters sslcert and sslkey. Or
http://www.postgresql.org/docs/9.0/static/libpq-envars.html for the
respective environment vars.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

pgsql-bugs by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: [TESTERS] Location of certs -Windows 7 SSL mode?
Next
From: "Pavani Mallampati"
Date:
Subject: BUG #5544: Bug while loading the csv file into the table