Follow the RFCs more closely in libpq server certificate hostname check. The RFCs say that the CN must not be checked if a subjectAltName extension of type dNSName is present. IOW, if subjectAltName extension is present, but there are no dNSNames, we can still check the CN.
Alexey Klyukin Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/58e70cf9fb42c1ad60b8ba730fd129f2ce6fa332 Modified Files -------------- src/interfaces/libpq/fe-secure-openssl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
