Re: BUG #5559: Full SSL verification fails when hostaddr provided

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Uh, no, because hostaddr is (required to be) a numeric IP.  The odds of
> it being useful in this context seem negligible.

Perhaps I was being a bit overzealous in my last response, sorry about
that.  If the point here is that people who are using hostaddr are in an
environment where DNS is non-functional or actively broken, then yes,
just bombing out would probably be fine.  I think the issue I have here
is that if you've gone to the trouble to set things up on the
server-side to a point where it asks the client to do Kerberos (which, I
think, must be the case if we've gotten to this point in the code), and
for some reason the client has decided to use hostaddr instead of host
(perhaps some client-side code saw a dotted-quad and thought "oh, you
must want to use hostaddr instead of host"), it shouldn't break without
a real reason.

    Thanks,

        Stephen