Обсуждение: pgsql: Allow full SSL certificate verification (wherein libpq checks its
pgsql: Allow full SSL certificate verification (wherein libpq checks its
От
tgl@postgresql.org (Tom Lane)
Дата:
Log Message: ----------- Allow full SSL certificate verification (wherein libpq checks its host name parameter against server cert's CN field) to succeed in the case where both host and hostaddr are specified. As with the existing precedents for Kerberos, GSSAPI, SSPI, it is the calling application's responsibility that host and hostaddr match up --- we just use the host name as given. Per bug #5559 from Christopher Head. In passing, make the error handling and messages for the no-host-name-given failure more consistent among these four cases, and correct a lie in the documentation: we don't attempt to reverse-lookup host from hostaddr if host is missing. Back-patch to 8.4 where SSL cert verification was introduced. Tags: ---- REL9_0_STABLE Modified Files: -------------- pgsql/doc/src/sgml: libpq.sgml (r1.313 -> r1.313.2.1) (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/libpq.sgml?r1=1.313&r2=1.313.2.1) pgsql/src/interfaces/libpq: fe-auth.c (r1.144 -> r1.144.4.1) (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-auth.c?r1=1.144&r2=1.144.4.1) fe-secure.c (r1.135 -> r1.135.2.1) (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-secure.c?r1=1.135&r2=1.135.2.1) libpq-int.h (r1.152 -> r1.152.2.1) (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/libpq-int.h?r1=1.152&r2=1.152.2.1)