Re: [PATCH] Accept IP addresses in server certificate SANs

Jacob Champion <pchampion@vmware.com>

From: Jacob Champion <pchampion@vmware.com>
To: "daniel@yesql.se" <daniel@yesql.se>, "peter.eisentraut@enterprisedb.com" <peter.eisentraut@enterprisedb.com>, "tgl@sss.pgh.pa.us" <tgl@sss.pgh.pa.us>
Cc: "stark@mit.edu" <stark@mit.edu>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, "horikyota.ntt@gmail.com" <horikyota.ntt@gmail.com>
Date: 2022-04-01T15:24:30Z
Lists: pgsql-hackers
On Fri, 2022-04-01 at 16:07 +0200, Peter Eisentraut wrote:
> I have committed this.
> 
> I have removed the inet header refactoring that you had.  That wasn't
> necessary, since pg_inet_net_ntop() can use the normal AF_INET*
> constants.  The PGSQL_AF_INET* constants are only for the internal
> storage of the inet/cidr types.
> 
> I have added a configure test for inet_pton().  We can check in the
> build farm if it turns out to be necessary.

Thanks!

--Jacob

Commits

  1. libpq: Allow IP address SANs in server certificates

  2. Add SSL tests for IP addresses in certificates

  3. Make JSON path numeric literals more correct