From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
Date: | 2010-05-26 02:10:25 |
Message-ID: | 4BFC8311.3090104@postnewspapers.com.au |
Lists: | pgsql-bugs |

On 26/05/10 09:59, Craig Ringer wrote:
> On 26/05/10 09:35, Tom Lane wrote:
>
>> I am now of the opinion that bug #5245 is in fact an exact dup of
>> bug #5468. The previous reporter was jumping to conclusions about what
>> his problem was: it was not that the server didn't send the full cert
>> chain, but that Java couldn't do the right thing without having the list
>> of cert names.
>
> No, they ARE NOT the same thing.
>
> #5468 is about *CLIENT* *CERTIFICATE* *AUTHENTICATION* where the
> *SERVER* VALIDATES THE *CLIENT* after the server sends a
> ServerHello.
>
> #5245 is about *CLIENT* *VALIDATION* *OF* *THE* *SERVER*, where the
> *CLIENT* VALIDATES THE *SERVER* after the server sends a
> CertificateRequest.

Argh, now I'm getting MYSELF backwards. Correction:

#5468 is about *CLIENT* *CERTIFICATE* *AUTHENTICATION* where the
*SERVER* VALIDATES THE *CLIENT* after the server sends a
*CertificateRequest*. <-- Was reversed above

#5245 is about *CLIENT* *VALIDATION* *OF* *THE* *SERVER*, where the
*CLIENT* VALIDATES THE *SERVER* after the server sends a
*ServerHello*. <-- Was reversed above

--
Craig Ringer
Tech-related writing: http://soapyfrogs.blogspot.com/