| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Re: [COMMITTERS] pgsql: Add support for matching wildcard server certificates to the new |
| Date: | 2008-11-24 21:30:14 |
| Message-ID: | 200811242330.14711.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
I wrote:
> Some more information on this:
> https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf
> slide 5 lists the matching rules for email, HTTP, and LDAP over TLS,
> respectively, which are not all the same. Also note that these methods
> have rules for interpreting fields in the certificate other than the common
> name for the host name.
>
> I think it is safest and easiest to allow a * wildcard only as the first
> character and only when followed immediately by a dot.
>
> Maybe some DNS expert around here can offer advice on what a morally sound
> solution would be.
This page summarizes the sadness pretty well:
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2008-11-25 03:00:37 | Re: Re: [COMMITTERS] pgsql: Explicitly bind gettext() to the UTF8 locale when in use. |
| Previous Message | Peter Eisentraut | 2008-11-24 21:26:41 | Re: Re: [COMMITTERS] pgsql: Add support for matching wildcard server certificates to the new |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2008-11-24 21:44:36 | Re: WIP: default values for function parameters |
| Previous Message | Alvaro Herrera | 2008-11-24 21:28:58 | Re: WIP: default values for function parameters |