- Desktop
- Enterprise
- Gaming
- Graphics
- Hardware
- Linux Kernel
- Multimedia
- Operating Systems
- Programming
- System Internals
- All Projects
- Latest News
- fate/iamf: add a demux text
- pg_combinebackup: Add --version to --help output
- PostgreSQL: Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- avcodec/mediacodecenc: Add global header support
- tdf#159660: also add normal blend filter
- Linux Kernel: Linux 6.9-rc5
- WINE: Release 9.7.
- Sync psm/evdev/atkbd with FreeBSD
- Latest News (cont.)
- lavfi: Add pad_vaapi filter
- lavfi: Add drawbox_vaapi filter
- Linux Kernel: Linux 6.9-rc4
- Embind: support .implement()-based JS UNO objects
- tdf#33603: sd: rework notes panel
- xwayland: Add SourceValidate hook
- UPower: Release 1.90.4
- timezone: sync to TZDB 2024a
- Linux Kernel: Linux 6.9-rc3
- Optimize pg_popcount() with AVX-512 instructions
- Enhance nbtree ScalarArrayOp execution
Featured content is also available via:
Support Subject Alternative Names in SSL server certificates
Enterprise / PostgreSQL - Heikki Linnakangas [iki.fi] - 12 September 2014 09:17 UTC
This patch makes libpq check the server's hostname against DNS names listed in the X509 subjectAltName extension field in the server certificate. This allows the same certificate to be used for multiple domain names. If there are no SANs in the certificate, the Common Name field is used, like before this patch. If both are given, the Common Name is ignored. That is a bit surprising, but that's the behavior mandated by the relevant RFCs, and it's also what the common web browsers do.
This also adds a libpq_ngettext helper macro to allow plural messages to be translated in libpq. Apparently this happened to be the first plural message in libpq, so it was not needed before.
Alexey Klyukin, with some kibitzing by me.
acd08d7 Support Subject Alternative Names in SSL server certificates.
src/interfaces/libpq/fe-misc.c | 18 ++-
src/interfaces/libpq/fe-secure-openssl.c | 238 +++++++++++++++++++++++-------
src/interfaces/libpq/libpq-int.h | 4 +
3 files changed, 202 insertions(+), 58 deletions(-)
Upstream: git.postgresql.org
Share
- Tweet
Recent PostgreSQL Activity
- Avoid unnecessary "touch meson.build" in vpath builds
Andres Freund - Post-commit review fixes for slot synchronization
Amit Kapila - pg_combinebackup: Add --version to --help output
Peter Eisentraut - Support SSL_R_VERSION_TOO_LOW when using LibreSSL
Daniel Gustafsson - Support disallowing SSL renegotiation when using LibreSSL
Daniel Gustafsson