Your message dated Mon, 8 Aug 2016 10:08:23 -0400
with message-id <[email protected]>
and subject line fixed
has caused the Debian Bug report #654907,
regarding [postgresql-client-9.1] does not examine Subject Alternative Names
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
654907: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654907
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postgresql-client-9.1
Version: 9.1.2-1
Severity: minor

I'm currently migrating machines to a new DNS domain. To ease migration I 
created X.509 certificates with old and new names:

>         Subject: CN=db.new.domain
>         Extensions:
>                 Subject Alternative Name (not critical):
>                         DNSname: db.new.domain
>                         DNSname: db.old.domain

Now psql unfortunately does exactly as described in the documentation:

> In verify-full mode, the cn (Common Name) attribute of the certificate is
> matched against the host name.

> $ psql service=db
> psql: server common name "db.new.domain" does not match host name
> "db.old.domain"

.pg_service.conf:
> [db]
> host=db.old.domain
> dbname=db
> sslmode=verify-full
> sslrootcert=/etc/ssl/certs/cacert.org.pem

Server version is 8.4.10-0squeeze1, but that should not matter.

Most other TLS clients work perfectly well with Subject Alternative Names.
Please don't tell me to use only verify-ca or migrate all clients at once.


Greetings
Timo

--- System information. ---
Architecture: amd64
Kernel:       Linux 3.1.0-1-amd64

Debian Release: wheezy/sid
  890 testing         security.debian.org 

--- Package information. ---
Depends                                 (Version) | Installed
=================================================-+-=====================
libc6                                    (>= 2.4) | 2.13-24
libedit2                     (>= 2.11-20080614-1) | 2.11-20080614-3
libpq5                                  (>= 9.0~) | 9.1.2-1
libssl1.0.0                            (>= 1.0.0) | 1.0.0e-3
zlib1g                               (>= 1:1.1.4) | 1:1.2.3.4.dfsg-3
postgresql-client-common                (>= 115~) | 128


Package's Recommends field is empty.

Suggests                (Version) | Installed
=================================-+-===========
postgresql-9.1                    | 9.1.2-1
postgresql-doc-9.1                | 9.1.2-1



--- End Message ---
--- Begin Message ---
Version: 9.5.0

This was implemented in PostgreSQL 9.5.

--- End Message ---
_______________________________________________
Pkg-postgresql-public mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
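
The difference between the CN-only check described in the report and a check that reads Subject Alternative Names, as an added example that is not part of the original messages and not PostgreSQL's code. The certificate dictionaries are constructed from the names quoted in the report, the function names are hypothetical, and the precedence rule follows RFC 6125 (dNSName entries first, CN only as a fallback); wildcard handling is left out.

```python
"""Added example: CN-only versus SAN-aware host name checks."""

# Constructed model of the certificate quoted in the bug report.
REPORT_CERT = {
    "subject_cn": "db.new.domain",
    "san_dns": ["db.new.domain", "db.old.domain"],
}
# Constructed certificate without a subjectAltName extension.
CN_ONLY_CERT = {"subject_cn": "db.old.domain", "san_dns": []}
# Constructed certificate whose CN is not repeated in its SAN list.
MIXED_CERT = {"subject_cn": "db.old.domain", "san_dns": ["db.new.domain"]}


def _norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.lower().rstrip(".")


def match_cn_only(cert, host):
    """Behaviour quoted in the report: only the subject CN is compared."""
    return _norm(cert["subject_cn"]) == _norm(host)


def match_san_aware(cert, host):
    """RFC 6125 style: dNSName entries take precedence; the CN is used
    only when the certificate carries no dNSName entries at all."""
    names = cert["san_dns"] or [cert["subject_cn"]]
    return _norm(host) in {_norm(n) for n in names}


def compare(cert, hosts):
    """Return {host: (cn_only_result, san_aware_result)}."""
    return {h: (match_cn_only(cert, h), match_san_aware(cert, h))
            for h in hosts}


if __name__ == "__main__":
    hosts = ["db.old.domain", "db.new.domain", "db.other.domain"]
    for host, (cn_only, san_aware) in compare(REPORT_CERT, hosts).items():
        print(f"{host:16} cn-only={cn_only!s:5} san-aware={san_aware}")
```

MIXED_CERT shows the other side of the rule: once a certificate lists dNSName entries, a SAN-aware client no longer accepts a host name that appears only in the CN.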