| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL regression test suite |
| Date: | 2014-08-12 11:28:55 |
| Message-ID: | 20140812112855.GG5999@awork2.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2014-08-12 14:01:18 +0300, Heikki Linnakangas wrote:
> On 08/05/2014 10:46 PM, Robert Haas wrote:
> >Why can't you make it work over 127.0.0.1?
>
> I wanted it to be easy to run the client and the server on different hosts.
> As soon as we have more than one SSL implementation, it would be really nice
> to do interoperability testing between a client and a server using different
> implementations.
>
> Also, to test sslmode=verify-full, where the client checks that the server
> certificate's hostname matches the hostname that it connected to, you need
> to have two aliases for the same server, one that matches the certificate
> and one that doesn't. But I think I found a way around that part; if the
> certificate is set up for "localhost", and connect to "127.0.0.1", you get a
> mismatch.
Alternatively, and to e.g. test wildcard certs and such, I think you can
specify both host and hostaddr to connect to connect without actually
doing a dns lookup.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marti Raudsepp | 2014-08-12 12:41:44 | Re: jsonb format is pessimal for toast compression |
| Previous Message | Marko Tiikkaja | 2014-08-12 11:23:26 | Re: PL/PgSQL: RAISE and the number of parameters |