Re: [GENERAL] debugging SSL connection problems - Mailing list pgsql-general

From Magnus Hagander
Subject Re: [GENERAL] debugging SSL connection problems
Date
Msg-id CABUevExUKbsD-3x5BpAq9KmgEuXYLtH7LU9BMLqBFcJ5EB0pcQ@mail.gmail.com
In response to [GENERAL] debugging SSL connection problems  (Jeff Janes <jeff.janes@gmail.com>)
Responses Re: [GENERAL] debugging SSL connection problems  (Michael Paquier <michael.paquier@gmail.com>)
List pgsql-general


On Mon, Jul 10, 2017 at 11:19 PM, Jeff Janes <jeff.janes@gmail.com> wrote:

> Is there a way to get libpq to hand over the certificate it gets from the server, so I can inspect it with other tools that give better diagnostic messages? I've tried to scrape it out of the output of "strace -s8192", but since it is binary it is difficult to figure out where it begins and ends within the larger server response method.


PQgetssl() or PQsslStruct() should give you the required struct from OpenSSL, which you can then use OpenSSL to inspect. You should be able to use (I think) SSL_get_peer_certificate() to get at it.

(This is what libpq does and stores it in ->peer, but that's a private API. But you can see be-secure-openssl.c for some examples.)

--
