Quick Links

pgsql: Follow the RFCs more closely in libpq server certificate hostnam

From:	Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>
To:	pgsql-committers(at)postgresql(dot)org
Subject:	pgsql: Follow the RFCs more closely in libpq server certificate hostnam
Date:	2014-09-15 13:17:09
Message-ID:	E1XTW9V-00020u-B3@gemulon.postgresql.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers

Follow the RFCs more closely in libpq server certificate hostname check.

The RFCs say that the CN must not be checked if a subjectAltName extension
of type dNSName is present. IOW, if subjectAltName extension is present,
but there are no dNSNames, we can still check the CN.

Alexey Klyukin

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/58e70cf9fb42c1ad60b8ba730fd129f2ce6fa332

Modified Files
--------------
src/interfaces/libpq/fe-secure-openssl.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Heikki Linnakangas	2014-09-16 06:40:23	pgsql: Fix the return type of GIN triConsistent support functions to "c
Previous Message	Peter Eisentraut	2014-09-14 14:57:54	pgsql: doc: Fix documentation of local_preload_libraries