Re: [PoC] Let libpq reject unexpected authentication requests - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: [PoC] Let libpq reject unexpected authentication requests
Date
Msg-id ZB0yitjRNWE9Aimc@paquier.xyz
In response to Re: [PoC] Let libpq reject unexpected authentication requests  (Jacob Champion <jchampion@timescale.com>)
Responses Re: [PoC] Let libpq reject unexpected authentication requests  (Jacob Champion <jchampion@timescale.com>)
List pgsql-hackers

On Thu, Mar 23, 2023 at 03:40:55PM -0700, Jacob Champion wrote:
> On Tue, Mar 21, 2023 at 11:01 PM Michael Paquier <michael@paquier.xyz> wrote:
>> contrib/sslinfo/ has ssl_client_cert_present(), that we could use in
>> the tests to make sure that the client has actually sent a
>> certificate?  How about adding some of these tests to 003_sslinfo.pl
>> for the "allow" and "require" cases?
>
> Added; see what you think.

That's a pretty good test design, covering all 4 cases.  Nice.

>> freePGconn() is missing a free(sslcertmode).
>
> Argh, I keep forgetting that. Fixed, thanks!

I have spent a couple of hours looking at the whole again today,
testing that with OpenSSL to make sure that everything was OK.  Apart
from a few tweaks, that seemed pretty good.  So, applied.
--
Michael
