Re: How to test SSL cert from CA?
| От | Tom Lane |
|---|---|
| Тема | Re: How to test SSL cert from CA? |
| Дата | |
| Msg-id | 17849.1436537026@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: How to test SSL cert from CA? (Francisco Reyes <lists@natserv.net>) |
| Список | pgsql-general |
Francisco Reyes <lists@natserv.net> writes: > On 07/09/2015 03:07 PM, Vick Khera wrote: >> openssl s_client -connect HOST:PORT -CAfile /path/to/CA.pem > According to this post: > http://serverfault.com/questions/79876/connecting-to-postgresql-with-ssl-using-openssl-s-client?rq=1 > one can not use openssl to test ssl connection to postgresql. True? I should think you can't; it wouldn't know to send the initial packet that asks the server to initiate SSL mode. I found this in the man page for s_client mode: -starttls protocol send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", and "ftp". So they've certainly heard of such issues, and you could imagine adding a "-starttls postgresql" variant, but it's not there now ... at least not in the OpenSSL version that ships in RHEL6. regards, tom lane
В списке pgsql-general по дате отправления: