| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #5559: Full SSL verification fails when hostaddr provided |
| Date: | 2010-07-14 16:02:18 |
| Message-ID: | 6811.1279123338@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Jul 14, 2010 at 00:09, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> "Christopher Head" <chris2k01(at)hotmail(dot)com> writes:
>>> ... Unfortunately, as per line 536 of the file
>>> fe-secure.c in the PostgreSQL sources, if hostaddr is specified, SSL full
>>> verification just plain fails without trying at all. I suspect this line
>>> should be "if (!conn->pghost)" instead of "if (conn->pghostaddr)".
>>
>> That's really a definitional change, but it seems like a reasonable one
>> to me. Magnus, what do you think?
> Yeah, I think it is, but I haven't had the time to look into the code
> yet to see if I agree with the fix as well. Hope to get there soon.
The test actually needs to check for pghost being nonempty, I think,
but otherwise it seems straightforward. Will apply.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-07-14 16:29:32 | Re: BUG #5559: Full SSL verification fails when hostaddr provided |
| Previous Message | Magnus Hagander | 2010-07-14 07:02:12 | Re: BUG #5559: Full SSL verification fails when hostaddr provided |