From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Francisco Reyes <lists(at)natserv(dot)net> |
Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: How to test SSL cert from CA? |
Date: | 2015-07-10 14:03:46 |
Message-ID: | 17849.1436537026@sss.pgh.pa.us |
Lists: | pgsql-general |

Francisco Reyes <lists(at)natserv(dot)net> writes:
> On 07/09/2015 03:07 PM, Vick Khera wrote:
>> openssl s_client -connect HOST:PORT -CAfile /path/to/CA.pem

> According to this post:
> http://serverfault.com/questions/79876/connecting-to-postgresql-with-ssl-using-openssl-s-client?rq=1
> one can not use openssl to test ssl connection to postgresql. True?

I should think you can't; it wouldn't know to send the initial packet
that asks the server to initiate SSL mode.

I found this in the man page for s_client mode:

    -starttls protocol
        send the protocol-specific message(s) to switch to TLS for
        communication. protocol is a keyword for the intended protocol.
        Currently, the only supported keywords are "smtp", "pop3", "imap",
        and "ftp".

So they've certainly heard of such issues, and you could imagine adding
a "-starttls postgresql" variant, but it's not there now ... at least
not in the OpenSSL version that ships in RHEL6.

regards, tom lane
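
Added example, not part of the original message or of PostgreSQL/OpenSSL: a Python check that sends the "initial packet" mentioned above (the PostgreSQL protocol's SSLRequest) and then verifies the server certificate against a CA file. The function names are hypothetical; host, port and CA path are supplied by the caller.

```python
import socket
import ssl
import struct
import sys

# SSLRequest in the PostgreSQL wire protocol: Int32 length (8) followed by
# Int32 request code 80877103 (1234 in the high 16 bits, 5679 in the low).
SSL_REQUEST_CODE = 80877103


def build_ssl_request() -> bytes:
    """Return the 8-byte SSLRequest message in network byte order."""
    return struct.pack("!II", 8, SSL_REQUEST_CODE)


def request_ssl(sock: socket.socket) -> bool:
    """Send SSLRequest; True if the server answers 'S', False if 'N'."""
    sock.sendall(build_ssl_request())
    answer = sock.recv(1)
    if answer == b"S":
        return True
    if answer == b"N":
        return False
    raise ConnectionError(f"unexpected reply to SSLRequest: {answer!r}")


def check_server_cert(host: str, port: int, cafile: str, timeout: float = 5.0) -> dict:
    """Validate the server's chain and hostname against cafile only."""
    # With cafile given, the context trusts just that file and enforces
    # CERT_REQUIRED plus hostname checking.
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not request_ssl(raw):
            raise ConnectionError("server refused SSL (replied 'N')")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "cert": tls.getpeercert()}


if __name__ == "__main__":
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    try:
        info = check_server_cert(host, port, cafile)
    except OSError as exc:  # covers ssl.SSLCertVerificationError and refusals
        sys.exit(f"check failed: {exc}")
    print(info["version"], info["cert"].get("subject"), info["cert"].get("notAfter"))
```

OpenSSL 1.1.1 and later accept `-starttls postgres` in `s_client`, which performs the same SSLRequest step before the TLS handshake.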