On Fri, 8 Dec 2023 at 20:17, Stephen R. van den Berg <[email protected]> wrote:
>
> Chris Angelico wrote:
> >3. It's surprisingly hard to find tools that can help you debug client
> >certificates.
>
> It's a mess. It has been a mess for a long time.
> The few times I tried to use something like wireshark or tcpdump to peek
> into an SSL connection I gave up after trying for a while. It's a lot
> of work to get it right, way too much work compared to quickly starting
> tcpdump on a stream.

Hmm. Maybe I should polish the two scripts I was using, and then put
them into the SSL module somewhere as examples. There are quite a few
subtleties (like that you won't see client certs unless you set
"ctx->auth_level = SSL.Constants.AUTHLEVEL_ask" on the server side)
and I would really have appreciated an example like that.

> >Anyhow. I've created the branch rosuav/pgsql-ssl for this. Can someone
> >review it please? Particularly with respect to the "DEBUG HACK" commit
> >there, where I ripped out all of the Shuffler code and just went
> >straight to the Stdio.Buffer; there's a lot going on with the Shuffler
> >and I'm sure there's a way better way to make this work, but I wasn't
> >able to figure that out.
>
> I'll have a look.

Thanks! Appreciate it.

ChrisA
