On Fri, Dec 2, 2016 at 5:17 AM, Robert Haas <robertmh...@gmail.com> wrote:
> On Thu, Nov 24, 2016 at 4:38 PM, Andreas Karlsson <andr...@proxel.se> wrote:
>> As you can see, after the patch libpq will now look at hostaddr rather than
>> host when validating the server certificate because that is what is stored
>> in the first (and only) entry of conn->connhost, and therefore what PQhost()
>> return.
>> To me it feels like the proper fix would be to make PQHost() return the
>> value of the host parameter rather than the hostaddr (maybe add a new field
>> in the pg_conn_host struct). But would be a behaviour change which might
>> break someones application. Thoughts?
> I think that the blame here is on the original commit,
> 274bb2b3857cc987cfa21d14775cae9b0dababa5, which inadvertently changed
> the behavior of PQhost.  Prior to that commit, even if "hostaddr" was
> used, PQhost would still return whatever value was associated with the
> "host" parameter, but now it ignores "host" and returns "hostaddr"
> instead.  That's busted.  I've pushed a trivial fix, and the SSL tests
> now pass for me.

+   if (conn->connhost != NULL &&
+       conn->connhost[conn->whichhost].type != CHT_HOST_ADDRESS)
        return conn->connhost[conn->whichhost].host
I think that's still incorrect. If a connection string defines a
comma-separated list of host, and hostaddr is defined as well,
PQhost() would return the comma-separated list, not the IP of the host
it is connected to. Am I reading that incorrectly?

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to