public inbox for [email protected]  
From: Ray Stell <[email protected]>
To: Tom Lane <[email protected]>
Cc: Michael Fuhr <[email protected]>
Cc: [email protected]
Subject: Re: no verification of client certificate?
Date: Mon, 26 Mar 2007 09:35:33 -0400

On Mon, Mar 26, 2007 at 12:04:21AM -0400, Tom Lane wrote:
> Michael Fuhr <[email protected]> writes:
> > On Sun, Mar 25, 2007 at 10:01:20PM -0400, Tom Lane wrote:
> >> I looked more closely and you are right: if the server does not have
> >> a root.crt file then it doesn't send its server cert to the client,
> >> and so there's no way for the client to verify the cert.
> 
> > Eh?  ssldump shows otherwise here with 8.2.3.
> 
> Well, if it works then why is the OP complaining?

Two reasons:

1. I was following:

http://www.postgresql.org/docs/8.2/interactive/ssl-tcp.html

I did not know this page existed:

http://www.postgresql.org/docs/8.2/interactive/libpq-ssl.html

Connecting the two pages would have helped me. 


2. I probably made a mistake trying the various combinations.
Knowing how Michael traced the connection with ssldump would be
VERY helpful.  Trying to put it together from strace is much harder
and I probably made multiple mistakes.  I was on a fishing expedition
at best as I didn't know how it went together.


