Обсуждение: Universal certificate for verify-full ssl connection

Hi,

I am trying to generate self-signed certificate for full ssl authentication. I need to have universal version of this
certificatefor development purposes (so any client can connect with any postgresql server with ssl on). 
I am using IP while connecting, I mean host=<IP>.

However verify-full connection works only in case "Common Name" in certificate contains only fully qualified IP
address,when I try to set CN as * (asterisk) I receive error: 

server common name "*" does not match hostname "my_ip"

According to the documentation here : http://www.postgresql.org/docs/current/static/libpq-ssl.html

"If the connection is made using an IP address instead of a host name, the IP address will be matched (without doing
anyDNS lookups). " 

Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ?

Thanks in advance !

Joanna

On 05/30/2011 03:58 PM, Asia wrote:
> Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ?

I wouldn't be surprised if libpq didn't support wildcard certificates at
all. I doubt there's ever been any demand for them.

Have you checked in the source code?

What version of libpq are you using, and what version of openssl is it
compiled against?

--
Craig Ringer