projects / users / bernd / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2df465e) | patch
Follow the RFCs more closely in libpq server certificate hostname check.
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 15 Sep 2014 13:14:24 +0000 (16:14 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 15 Sep 2014 13:16:06 +0000 (16:16 +0300)
commit58e70cf9fb42c1ad60b8ba730fd129f2ce6fa332
tree4ea35d2ae2d9e2f425974c71af61ef8752216a1etree
parent2df465e696f49bb12c0a362aa6f68f75a752d7a8commit | diff
Follow the RFCs more closely in libpq server certificate hostname check.

The RFCs say that the CN must not be checked if a subjectAltName extension
of type dNSName is present. IOW, if subjectAltName extension is present,
but there are no dNSNames, we can still check the CN.

Alexey Klyukin
src/interfaces/libpq/fe-secure-openssl.c diff | blob | blame | history
Bernd Helmle's repository