Re: [GENERAL] debugging SSL connection problems
| От | Michael Paquier |
|---|---|
| Тема | Re: [GENERAL] debugging SSL connection problems |
| Дата | |
| Msg-id | CAB7nPqRskr5tZz963b3nHkvZn5ffN6cDfMEb_eHQSwbh1nNZTA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [GENERAL] debugging SSL connection problems (Magnus Hagander <magnus@hagander.net>) |
| Список | pgsql-general |
On Tue, Jul 11, 2017 at 6:32 AM, Magnus Hagander <magnus@hagander.net> wrote: > On Mon, Jul 10, 2017 at 11:19 PM, Jeff Janes <jeff.janes@gmail.com> wrote: >> Is there a way to get libpq to hand over the certificate it gets from the >> server, so I can inspect it with other tools that give better diagnostic >> messages? I've tried to scrape it out of the output of "strace -s8192", but >> since it is binary it is difficult to figure out where it begins and ends >> within the larger server response method. >> > > PQgetssl() or PQsslStruct() should give you the required struct from > OpenSSL, which you can then use OpenSSL to inspect. You should be able to > use (I think) SSL_get_peer_certificate() to get at it. Yes that will work. The SSL context stored in PGconn offers enough entry point to access all the SSL-related data. -- Michael
В списке pgsql-general по дате отправления: