SSL cert chains patch

Started by Andrew Gierth over 16 years ago, 5 messages
#1Andrew Gierth
andrew@tao11.riddles.org.uk
1 attachment(s)

Magnus asked me for this, when the subject came up on IRC. This is a
longstanding ignored issue, for example
http://archives.postgresql.org/message-id/slrnemslp5.2rcr.andrew+nonews@atlantis.supernews.net
http://archives.postgresql.org/message-id/15D55918-FA9C-4E6A-BA15-BDC9142A6C44@contegix.com

--
Andrew (irc:RhodiumToad)

Attachments:

sslchain.patch (text/x-patch)
Index: src/backend/libpq/be-secure.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/backend/libpq/be-secure.c,v
retrieving revision 1.90
diff -c -r1.90 be-secure.c
*** src/backend/libpq/be-secure.c	28 Jan 2009 15:06:47 -0000	1.90
--- src/backend/libpq/be-secure.c	8 May 2009 21:30:43 -0000
***************
*** 729,737 ****
  		/*
  		 * Load and verify certificate and private key
  		 */
! 		if (SSL_CTX_use_certificate_file(SSL_context,
! 										  SERVER_CERT_FILE,
! 										  SSL_FILETYPE_PEM) != 1)
  			ereport(FATAL,
  					(errcode(ERRCODE_CONFIG_FILE_ERROR),
  				  errmsg("could not load server certificate file \"%s\": %s",
--- 729,736 ----
  		/*
  		 * Load and verify certificate and private key
  		 */
! 		if (SSL_CTX_use_certificate_chain_file(SSL_context,
! 										  SERVER_CERT_FILE) != 1)
  			ereport(FATAL,
  					(errcode(ERRCODE_CONFIG_FILE_ERROR),
  				  errmsg("could not load server certificate file \"%s\": %s",
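
Review bot: the comment above the new call still reads only "Load and verify certificate and private key", and the errmsg text is unchanged, so nothing in the hunk tells an administrator that SERVER_CERT_FILE is now read as a whole chain rather than as a single certificate. SSL_CTX_use_certificate_chain_file expects PEM with the server's own certificate first, followed by any intermediate CA certificates in order, and it loads every certificate it finds, so an existing file that already holds extra certificates will start sending them to clients after this change. Please extend the comment to say the file may contain a chain and in what order, and document the same in the SSL setup section of the manual. Minor style point: the continuation line "SERVER_CERT_FILE) != 1)" keeps the indentation of the old call and no longer lines up with the opening parenthesis of the longer function name.
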
#2Magnus Hagander
magnus@hagander.net
In reply to: Andrew Gierth (#1)
Re: SSL cert chains patch

Andrew Gierth wrote:

Magnus asked me for this, when the subject came up on IRC. This is a
longstanding ignored issue, for example
http://archives.postgresql.org/message-id/slrnemslp5.2rcr.andrew+nonews@atlantis.supernews.net
http://archives.postgresql.org/message-id/15D55918-FA9C-4E6A-BA15-BDC9142A6C44@contegix.com

Applied, thanks!

--
Magnus Hagander
Self: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

#3Alvaro Herrera
alvherre@commandprompt.com
In reply to: Magnus Hagander (#2)
Re: SSL cert chains patch

Magnus Hagander wrote:

Andrew Gierth wrote:

Magnus asked me for this, when the subject came up on IRC. This is a
longstanding ignored issue, for example
http://archives.postgresql.org/message-id/slrnemslp5.2rcr.andrew+nonews@atlantis.supernews.net
http://archives.postgresql.org/message-id/15D55918-FA9C-4E6A-BA15-BDC9142A6C44@contegix.com

Applied, thanks!

Shouldn't this be backpatched?

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

#4Tom Lane
tgl@sss.pgh.pa.us
In reply to: Alvaro Herrera (#3)
Re: SSL cert chains patch

Alvaro Herrera <alvherre@commandprompt.com> writes:

Magnus Hagander wrote:

Applied, thanks!

Shouldn't this be backpatched?

It looks like a feature change to me ...

regards, tom lane

#5Magnus Hagander
magnus@hagander.net
In reply to: Tom Lane (#4)
Re: SSL cert chains patch

Tom Lane wrote:

Alvaro Herrera <alvherre@commandprompt.com> writes:

Magnus Hagander wrote:

Applied, thanks!

Shouldn't this be backpatched?

It looks like a feature change to me ...

Yup, I think so too. It changes the behavior if you have such a file.

//Magnus