On Fri, Dec 2, 2016 at 5:17 AM, Robert Haas <robertmh...@gmail.com> wrote: > On Thu, Nov 24, 2016 at 4:38 PM, Andreas Karlsson <andr...@proxel.se> wrote: >> As you can see, after the patch libpq will now look at hostaddr rather than >> host when validating the server certificate because that is what is stored >> in the first (and only) entry of conn->connhost, and therefore what PQhost() >> return. >> >> To me it feels like the proper fix would be to make PQHost() return the >> value of the host parameter rather than the hostaddr (maybe add a new field >> in the pg_conn_host struct). But would be a behaviour change which might >> break someones application. Thoughts? > > I think that the blame here is on the original commit, > 274bb2b3857cc987cfa21d14775cae9b0dababa5, which inadvertently changed > the behavior of PQhost. Prior to that commit, even if "hostaddr" was > used, PQhost would still return whatever value was associated with the > "host" parameter, but now it ignores "host" and returns "hostaddr" > instead. That's busted. I've pushed a trivial fix, and the SSL tests > now pass for me.
+ if (conn->connhost != NULL && + conn->connhost[conn->whichhost].type != CHT_HOST_ADDRESS) return conn->connhost[conn->whichhost].host I think that's still incorrect. If a connection string defines a comma-separated list of host, and hostaddr is defined as well, PQhost() would return the comma-separated list, not the IP of the host it is connected to. Am I reading that incorrectly? -- Michael -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers