Skip site navigation (1) Skip section navigation (2)

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-11 23:15:23
Message-ID: 10003.1239491723@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Uh, it's not "on" if it's not "on". I'd rather call them "off", "on" and
>  something like "maybe" or "external" or "file". I'd find it very bad if
> you can say "sslverify=on" and then *not* end up getting it because of
> some external factor. That needs to be clear in the naming of the value
> if we go down that path.

I guess you didn't think through the implications of the sslmode
comment, but: this is all merest self-delusion.  If a hostile server is
trying to fool you, all he needs to do is configure his pg_hba.conf to
accept your connection in non-SSL mode, and your super duper
guaranteed-to-work ssl verification doesn't do a thing.

So unless you think you can persuade us to change the default sslmode to
"require", you're wasting your time making the above argument.


>> BTW, what in the world prompted us to use "cn" as an allowed value for
>> sslverify?  It looks for all the world like a typo for "on".

> Eh, what would you call it? It enables verification of the cn field in
> the certificate. Another option I considered was "full", but someone
> said that was bad - can't recall if that was on-list or off ATM.

I would call it "on", and put the hostname behavior control somewhere
else.  Overloading a security-sensitive parameter's meaning isn't a
particularly safe design, eh?  Especially with a value that people
can't even read correctly if their eyes are a bit bleary.

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Hiroshi InoueDate: 2009-04-11 23:38:42
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous:From: Magnus HaganderDate: 2009-04-11 22:58:26
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group