Re: Correction of intermediate certificate handling

Поиск
Список
Период
Сортировка
От Peter Eisentraut
Тема Re: Correction of intermediate certificate handling
Дата
Msg-id b5d4873a-ff77-b6f6-fd66-f725e5bc343d@2ndquadrant.com
обсуждение исходный текст
Ответ на Re: Correction of intermediate certificate handling  (Michael Paquier <michael.paquier@gmail.com>)
Ответы Re: Correction of intermediate certificate handling  (Bruce Momjian <bruce@momjian.us>)
Список pgsql-docs
Дерево обсуждения 
On 1/16/18 00:33, Michael Paquier wrote:
> On top of that, src/test/ssl does not provide any kind of coverage for
> that. It would be an area of improvement for those tests.

The tests already cover this:

# intermediate client_ca.crt is provided by client, and isn't in
server's ssl_ca_file
switch_server_cert($node, 'server-cn-only', 'root_ca');
$common_connstr =
"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key
sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";

test_connect_ok($common_connstr,
    "sslmode=require sslcert=ssl/client+client_ca.crt");
test_connect_fails($common_connstr, "sslmode=require
sslcert=ssl/client.crt");

If you change the Makefile rule for generating the client CA to omit the
-extensions v3_ca option, then the first test will fail.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

В списке pgsql-docs по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: pg_upgrade docs are confusing if PostgreSQL's versioningsystem/language isn't known to reader
Следующее
От: Peter Eisentraut
Дата:
Сообщение: Re: Can take filesystem bkp of pg data folder when server is running