Universal certificate for verify-full ssl connection

Started by Asia, almost 15 years ago, 2 messages, general
#1 Asia
asia123321@op.pl

Hi,

I am trying to generate a self-signed certificate for full SSL authentication. I need to have a universal version of this certificate for development purposes (so any client can connect to any PostgreSQL server with SSL on).
I am using an IP address when connecting, I mean host=<IP>.

However, the verify-full connection works only when the "Common Name" in the certificate contains only the fully qualified IP address; when I try to set the CN to * (asterisk), I receive this error:

server common name "*" does not match hostname "my_ip"

According to the documentation here: http://www.postgresql.org/docs/current/static/libpq-ssl.html

"If the connection is made using an IP address instead of a host name, the IP address will be matched (without doing any DNS lookups)."

Would you please advise what I am doing wrong? Or maybe there is another way to generate a wildcard certificate?

Thanks in advance!

Joanna

#2 Craig Ringer
craig@2ndquadrant.com
In reply to: Asia (#1)
Re: Universal certificate for verify-full ssl connection

On 05/30/2011 03:58 PM, Asia wrote:

> Would you please advise what I am doing wrong? Or maybe there is another way to generate a wildcard certificate?

I wouldn't be surprised if libpq didn't support wildcard certificates at
all. I doubt there's ever been any demand for them.

Have you checked in the source code?

What version of libpq are you using, and what version of openssl is it
compiled against?

--
Craig Ringer
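
The matching rule this thread runs into, as an added example that is not part of the original posts and is not libpq's source: a small Python model of the hostname check as RFC 6125 describes it, where a wildcard must be the whole leftmost label of a DNS name and an IP address is only ever compared exactly. The function names and the sample hosts (192.0.2.10 and the example.test names) are constructed for illustration; how a particular libpq build behaves is an assumption to confirm against its source.

```python
import ipaddress


def is_ip(value):
    """True if value parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(cert_name, host):
    """Model of an RFC 6125-style check of one certificate name against host."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if is_ip(host):
        # Connecting by IP: exact comparison only, no wildcard, no DNS lookup.
        return is_ip(cert_name) and (
            ipaddress.ip_address(cert_name) == ipaddress.ip_address(host)
        )
    if not cert_name.startswith("*."):
        # Plain name (a bare "*" lands here too): case-insensitive equality.
        return cert_name == host
    # Wildcard: "*" stands for exactly one leftmost label of the host name.
    head, sep, rest = host.partition(".")
    return bool(head) and sep == "." and "." + rest == cert_name[1:]


if __name__ == "__main__":
    # Constructed cases mirroring the thread: CN "*" versus host=<IP>.
    cases = [
        ("*", "192.0.2.10"),
        ("192.0.2.10", "192.0.2.10"),
        ("*.example.test", "db1.example.test"),
        ("*.example.test", "a.b.example.test"),
    ]
    for cn, host in cases:
        verdict = "match" if name_matches(cn, host) else "no match"
        print(f"CN={cn!r:20} host={host!r:22} {verdict}")
```

Under these rules a development certificate can cover several servers by DNS name with one wildcard, but every server reached by IP address needs that exact address in the certificate.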