Date: Mon, 26 Mar 2007 08:00:04 -0600
From: Michael Fuhr
To: Ray Stell
Cc: Tom Lane, pgsql-admin@postgresql.org
Subject: Re: no verification of client certificate?
Message-ID: <20070326140004.GA9109@winnie.fuhr.org>

On Mon, Mar 26, 2007 at 09:35:33AM -0400, Ray Stell wrote:
> Knowing how Michael traced the connection with ssldump would be
> VERY helpful.

The simple way is to run ssldump in one shell while running psql in
another:

    ssldump -q port 5482   # my 8.2.3 db listens on port 5482

If I want to do more analysis I usually save the connection with
tcpdump first:

    tcpdump -s0 -w dumpfile port 5482

The -s0 option is important: it tells tcpdump to capture the entire
packet.  When I'm done with psql I stop tcpdump and run ssldump over
the dumpfile:

    ssldump -r dumpfile -q

-- 
Michael Fuhr
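
Added example, not part of Michael Fuhr's message: a shell filter that reads ssldump text, such as the output of the commands above, and reports per connection whether the server sent a CertificateRequest and whether the client answered with Certificate and CertificateVerify. The function names and the sample lines are constructed, and the one-line-per-record layout of the sample is an assumption about the summary output of `ssldump -q`.

```sh
#!/bin/sh
# Added example: summarise client-certificate handshake messages (stdin = ssldump text).
client_cert_summary() {
    awk '
    # Record summary line: "<conn> <record> ... C>S|S>C ...".
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
        conn = $1; dir = ""
        if (!(conn in seen)) { seen[conn] = 1; order[++n] = conn }
        for (i = 3; i <= NF; i++) if ($i == "C>S" || $i == "S>C") dir = $i
    }
    # Message names may be on the summary line or on a line below it.
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "CertificateRequest" && dir == "S>C") req[conn] = 1
            if ($i == "Certificate" && dir == "C>S") cert[conn] = 1
            if ($i == "CertificateVerify" && dir == "C>S") ver[conn] = 1
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            c = order[k]
            printf "%s requested=%s client_cert=%s verify=%s\n", c,
                (c in req) ? "yes" : "no", (c in cert) ? "yes" : "no", (c in ver) ? "yes" : "no"
        }
    }'
}
# Constructed sample; the layout is assumed, not captured from a real session.
sample_ssldump_output() {
    cat <<'EOF'
New TCP connection #1: localhost(40001) <-> localhost(5482)
1 1  0.0010 (0.0010)  C>S  Handshake      ClientHello
1 2  0.0021 (0.0011)  S>C  Handshake      ServerHello
1 3  0.0021 (0.0000)  S>C  Handshake      Certificate
1 4  0.0021 (0.0000)  S>C  Handshake      CertificateRequest
1 5  0.0021 (0.0000)  S>C  Handshake      ServerHelloDone
1 6  0.0090 (0.0069)  C>S  Handshake      Certificate
1 7  0.0090 (0.0000)  C>S  Handshake      ClientKeyExchange
1 8  0.0090 (0.0000)  C>S  Handshake      CertificateVerify
New TCP connection #2: localhost(40002) <-> localhost(5482)
2 1  0.0010 (0.0010)  C>S  Handshake      ClientHello
2 2  0.0020 (0.0010)  S>C  Handshake      ServerHello
2 3  0.0020 (0.0000)  S>C  Handshake      Certificate
2 4  0.0020 (0.0000)  S>C  Handshake      ServerHelloDone
2 5  0.0080 (0.0060)  C>S  Handshake      ClientKeyExchange
EOF
}

sample_ssldump_output | client_cert_summary
```

A TLS client that has no certificate can still answer a CertificateRequest with an empty Certificate message, so `verify=yes` is the stronger sign that a client certificate was actually presented.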