Re: Broken SSL tests in master
From | Mithun Cy |
---|---|
Subject | Re: Broken SSL tests in master |
Date | |
Msg-id | CAD__Oujp33fW+tHt94H-dC3gUE6_b1k0fq80mJCi8cb=-F00bQ@mail.gmail.com |
In reply to | Re: Broken SSL tests in master ("Tsunakawa, Takayuki" <tsunakawa.takay@jp.fujitsu.com>) |
List | pgsql-hackers |
On Fri, Nov 25, 2016 at 10:41 AM, Tsunakawa, Takayuki <tsunakawa.takay@jp.fujitsu.com> wrote:
> I agree that pg_conn_host should have hostaddr in addition to host, and PQhost() return host when host is specified with/without hostaddr specified.
typedef struct pg_conn_host
+{
+ char *host; /* host name or address, or socket path */
+ pg_conn_host_type type; /* type of host */
+ char *port; /* port number for this host; if not NULL,
+ * overrrides the PGConn's pgport */
+ char *password; /* password for this host, read from the
+ * password file. only set if the PGconn's
+ * pgpass field is NULL. */
+ struct addrinfo *addrlist; /* list of possible backend addresses */
+} pg_conn_host;
+typedef enum pg_conn_host_type
+{
+ CHT_HOST_NAME,
+ CHT_HOST_ADDRESS,
+ CHT_UNIX_SOCKET
+} pg_conn_host_type;
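Review bot: the `host` field comment ("host name or address, or socket path") should state that consumers must check `type` before treating `host` as a name, because the one field carries all three kinds of value; a short addition such as "check type before using as a host name" would do. As quoted, `pg_conn_host` also uses `pg_conn_host_type` for its `type` field before the enum's typedef appears, so the enum needs to be declared first, and the `port` comment misspells "overrides" as "overrrides".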
The host parameter stores both hostname and hostaddr, and we already have the parameter "type" to identify the same.
I think we should not be using PQhost() directly in verify_peer_name_matches_certificate_name (the same holds good for GSS, SSPI). Instead, proceed only if "conn->connhost[conn->whichhost]" is a "CHT_HOST_NAME".
Also, further, the old PQhost() did not produce CHT_HOST_ADDRESS as its output, so we might need to revert back to the old behaviour.
> However, I wonder whether the hostaddr parameter should also accept multiple IP addresses. Currently, it accepts only one address as follows. I asked Robert and Mithun about this, but I forgot about that.
As far as I know, only pghost is allowed to have multiple hosts. And pghostaddr takes only one numeric address.
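A minimal sketch of the check proposed in the message, added here as an illustration and not taken from the patch or from libpq: the name comparison runs only when the current connhost entry is a CHT_HOST_NAME. The trimmed structs, the helper names `cert_check_name`, `peer_name_matches` and `check_sample`, the exact case-insensitive comparison (no wildcard handling) and the sample hosts are all assumptions.

```c
#include <stdio.h>
#include <strings.h>

/* Trimmed stand-ins for the types quoted in the message (not libpq's own). */
typedef enum { CHT_HOST_NAME, CHT_HOST_ADDRESS, CHT_UNIX_SOCKET } host_type;
typedef struct { const char *host; host_type type; } conn_host;
typedef struct { const conn_host *connhost; int nconnhost; int whichhost; } conn;

/* Hypothetical helper: the name to compare with the certificate, or NULL
 * when the current entry is an address, a socket path, or out of range. */
static const char *cert_check_name(const conn *c)
{
    const conn_host *h;
    if (c == NULL || c->connhost == NULL ||
        c->whichhost < 0 || c->whichhost >= c->nconnhost)
        return NULL;
    h = &c->connhost[c->whichhost];
    if (h->type != CHT_HOST_NAME || h->host == NULL || h->host[0] == '\0')
        return NULL;
    return h->host;
}

/* 1 = match, 0 = mismatch, -1 = no host name to verify; the caller decides
 * how to treat -1. Exact case-insensitive compare only, no wildcards. */
static int peer_name_matches(const conn *c, const char *cert_name)
{
    const char *name = cert_check_name(c);
    if (name == NULL || cert_name == NULL)
        return -1;
    return strcasecmp(name, cert_name) == 0 ? 1 : 0;
}

/* Constructed sample: one entry of each type. */
static const conn_host sample_hosts[] = {
    {"db.example.com", CHT_HOST_NAME},
    {"192.0.2.10", CHT_HOST_ADDRESS},
    {"/tmp", CHT_UNIX_SOCKET},
};
static int check_sample(int which, const char *cert_name)
{
    conn c = {sample_hosts, 3, which};
    return peer_name_matches(&c, cert_name);
}

int main(void)
{
    printf("%d %d %d\n", check_sample(0, "DB.example.com"), check_sample(1, "192.0.2.10"), check_sample(2, "/tmp"));
    return 0;
}
```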