On 08/12/2014 02:28 PM, Andres Freund wrote:
On 2014-08-12 14:01:18 +0300, Heikki Linnakangas wrote:
Also, to test sslmode=verify-full, where the client checks that the server
certificate's hostname matches the hostname that it connected to, you need
to have two aliases for the same server, one that matches the certificate
and one that doesn't. But I think I found a way around that part; if the
certificate is set up for "localhost", and connect to "127.0.0.1", you get a
mismatch.
Alternatively, and to e.g. test wildcard certs and such, I think you can
specify both host and hostaddr to connect to connect without actually
doing a dns lookup.
Oh, I didn't know that's possible! Yeah, that's a good solution.
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
