On 2014-08-12 14:01:18 +0300, Heikki Linnakangas wrote: > On 08/05/2014 10:46 PM, Robert Haas wrote: > >Why can't you make it work over 127.0.0.1? > > I wanted it to be easy to run the client and the server on different hosts. > As soon as we have more than one SSL implementation, it would be really nice > to do interoperability testing between a client and a server using different > implementations. > > Also, to test sslmode=verify-full, where the client checks that the server > certificate's hostname matches the hostname that it connected to, you need > to have two aliases for the same server, one that matches the certificate > and one that doesn't. But I think I found a way around that part; if the > certificate is set up for "localhost", and connect to "127.0.0.1", you get a > mismatch.
Alternatively, and to e.g. test wildcard certs and such, I think you can specify both host and hostaddr to connect to connect without actually doing a dns lookup. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
