Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>, Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date: 2010-07-14 16:29:32
Message-ID: 7342.1279124972@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

... btw, the libpq documentation claims that

If hostaddr is specified without host, the value for hostaddr
gives the remote address. When Kerberos is used, a reverse name
query occurs to obtain the host name for Kerberos.

but so far as I can see this is flat wrong. pg_krb5_sendauth throws
an error if you didn't provide a host name, and so do the other places
in fe-auth.c that need the host name. What we're about to do to SSL
verification will match that. So I think the docs need a fix here.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Stephen Frost 2010-07-14 17:39:42 Re: BUG #5559: Full SSL verification fails when hostaddr provided
Previous Message Tom Lane 2010-07-14 16:02:18 Re: BUG #5559: Full SSL verification fails when hostaddr provided