| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: debugging SSL connection problems |
| Date: | 2017-07-12 04:59:06 |
| Message-ID: | CAB7nPqRskr5tZz963b3nHkvZn5ffN6cDfMEb_eHQSwbh1nNZTA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Jul 11, 2017 at 6:32 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Mon, Jul 10, 2017 at 11:19 PM, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
>> Is there a way to get libpq to hand over the certificate it gets from the
>> server, so I can inspect it with other tools that give better diagnostic
>> messages? I've tried to scrape it out of the output of "strace -s8192", but
>> since it is binary it is difficult to figure out where it begins and ends
>> within the larger server response method.
>>
>
> PQgetssl() or PQsslStruct() should give you the required struct from
> OpenSSL, which you can then use OpenSSL to inspect. You should be able to
> use (I think) SSL_get_peer_certificate() to get at it.
Yes that will work. The SSL context stored in PGconn offers enough
entry point to access all the SSL-related data.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Morgan Lloyd | 2017-07-12 07:20:31 | Systemd support (was:Re: Please say it isn't so) |
| Previous Message | Steve Litt | 2017-07-12 04:51:36 | Please say it isn't so |