Re: [PoC] Let libpq reject unexpected authentication requests

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: [PoC] Let libpq reject unexpected authentication requests
Дата
Msg-id ZB0yitjRNWE9Aimc@paquier.xyz
обсуждение исходный текст
Ответ на Re: [PoC] Let libpq reject unexpected authentication requests  (Jacob Champion <jchampion@timescale.com>)
Ответы Re: [PoC] Let libpq reject unexpected authentication requests  (Jacob Champion <jchampion@timescale.com>)
Список pgsql-hackers
Дерево обсуждения 
On Thu, Mar 23, 2023 at 03:40:55PM -0700, Jacob Champion wrote:
> On Tue, Mar 21, 2023 at 11:01 PM Michael Paquier <michael@paquier.xyz> wrote:
>> contrib/sslinfo/ has ssl_client_cert_present(), that we could use in
>> the tests to make sure that the client has actually sent a
>> certificate?  How about adding some of these tests to 003_sslinfo.pl
>> for the "allow" and "require" cases?
>
> Added; see what you think.

That's a pretty good test design, covering all 4 cases.  Nice.

>> freePGconn() is missing a free(sslcertmode).
>
> Argh, I keep forgetting that. Fixed, thanks!

I have spent a couple of hours looking at the whole again today,
testing that with OpenSSL to make sure that everything was OK.  Apart
from a few tweaks, that seemed pretty good.  So, applied.
--
Michael
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Yugo NAGATA
Дата:
Сообщение: Re: psql \watch 2nd argument: iteration count
Следующее
От: Masahiko Sawada
Дата:
Сообщение: Re: Should vacuum process config file reload more often