| From: | Magnus Hagander <magnus(at)hagander(dot)net> | 
|---|---|
| To: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> | 
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> | 
| Subject: | Re: debugging SSL connection problems | 
| Date: | 2017-07-10 21:32:36 | 
| Message-ID: | CABUevExUKbsD-3x5BpAq9KmgEuXYLtH7LU9BMLqBFcJ5EB0pcQ@mail.gmail.com | 
| Lists: | pgsql-general | 
On Mon, Jul 10, 2017 at 11:19 PM, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
>
> Is there a way to get libpq to hand over the certificate it gets from the
> server, so I can inspect it with other tools that give better diagnostic
> messages?  I've tried to scrape it out of the output of "strace -s8192",
> but since it is binary it is difficult to figure out where it begins and
> ends within the larger server response method.
>
>
PQgetssl() or PQsslStruct() should give you the required struct from
OpenSSL, which you can then use OpenSSL to inspect. You should be able to
use (I think) SSL_get_peer_certificate() to get at it.
(This is what libpq does, and it stores it in ->peer, but that's a private API.
But you can see be-secure-openssl.c for some examples.)
-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
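The goal in the quoted question, getting the server's certificate into a form other tools can inspect, can also be reached without libpq. The following is an added example, not part of the original message and not PostgreSQL project code: it sends the PostgreSQL wire protocol's SSLRequest itself, completes the TLS handshake with verification deliberately off, and returns the leaf certificate as PEM. The function names and the script name in the comment are assumptions made for illustration.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest: Int32 length (8) + Int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def request_tls(sock):
    """Send SSLRequest on a connected socket; True if the server answers 'S'."""
    sock.sendall(SSL_REQUEST)
    reply = sock.recv(1)
    if reply == b"S":
        return True
    if reply == b"N":
        return False
    # Anything else (for example the start of an error message) is not a valid answer.
    raise ConnectionError(f"unexpected reply to SSLRequest: {reply!r}")


def fetch_server_cert_pem(host, port=5432, timeout=10.0):
    """Return the server's leaf certificate as PEM text, without validating it."""
    # Verification is disabled on purpose: the point is to capture a certificate
    # that the client may be rejecting so it can be examined offline. Nothing
    # beyond the handshake (no startup packet, no credentials) is sent.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not request_tls(raw):
            raise ConnectionError("server refused SSL (answered 'N')")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python fetch_pg_cert.py HOST [PORT] > server.pem
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5432
    sys.stdout.write(fetch_server_cert_pem(host, port))
```

The PEM output can be fed to `openssl x509 -noout -text` to read the subject, issuer, validity dates and extensions.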