| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Lou Picciano <loupicciano(at)comcast(dot)net> |
| Cc: | pgsql-testers <pgsql-testers(at)postgresql(dot)org>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: [TESTERS] Location of certs -Windows 7 SSL mode? |
| Date: | 2010-07-08 10:34:24 |
| Message-ID: | AANLkTikw6zjXSHP5KhtwN_xv1EkMosTRlMBUBlYpHNxl@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-testers |
On Wed, Jul 7, 2010 at 16:28, Lou Picciano <loupicciano(at)comcast(dot)net> wrote:
> Magnus,
> Tks for your response.
>> What is your connection string? Are you specifying the cert file there as
>> well?
> Well, no. Specifically, the exercise was to determine default locations of
> certs on Windows 7, as inferred from - the expected - error message from the
> PG client. In this case, the client was pgAdmin. (Is pgAdmin not a valid
> 'default' test?)
Ah, ok.
pgAdmin should be a valid test. Though in general, it's always
appreciated if you can try to reproduce the issue using psql. It
*could* be a bug in pgAdmin - in which case that also has to be fixed
of course, but it's a good way to narrow down where it is.
>> The code itself should actually "never" do this - it specifically checks
>> if the file doesn't exist, and should *not* show that error..
>> It should fail much later, when the server actually requests the cert..
> Oh? I didn't realize this. In fact, past experience has been consistent
> with my findings; that pqlib will hiccup quickly if it cannot find a cert,
> and that this error message would appear before ever presenting that
> (non-)cert to the server. If a cert is found, on the other hand, error
> messages would be different, assuming it's an invalid cert in the context of
> pg_hba.cconf.
If there is no cert, and the server doesn't request one, it's not an
error, and shouldn't be. Non-existant cert should only be an error if
the server requires one, and that should AFAICS give a different error
message.
>> Can you try specifying an explicit file say directly in c:\, just to see
>> if that works?
> Presumably you're proposing an environment variable approach? Sure, please
> propose an exact test, and we'll perform. (No one else here is using certs
> under Windows 7?)
Either environment variable or connection string parameter. See
http://www.postgresql.org/docs/9.0/static/libpq-connect.html, for the
parameters sslcert and sslkey. Or
http://www.postgresql.org/docs/9.0/static/libpq-envars.html for the
respective environment vars.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Niranjan Pandit | 2010-07-08 12:49:01 | BUG #5545: permission denied on delete |
| Previous Message | Magnus Hagander | 2010-07-08 10:31:30 | Re: [TESTERS] Location of certs -Windows 7 SSL mode? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lou Picciano | 2010-07-08 21:18:38 | v9.0 beta clients - on Windows 7 - do not pick up SSL ENVIRONMENT VARIABLES? |
| Previous Message | Magnus Hagander | 2010-07-08 10:31:30 | Re: [TESTERS] Location of certs -Windows 7 SSL mode? |