Skip site navigation (1) Skip section navigation (2)

Re: more verbose SSL session info for psql

From: John Gray <jgray(at)azuli(dot)co(dot)uk>
To: Bear Giles <bgiles(at)coyotesong(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: more verbose SSL session info for psql
Date: 2002-05-16 17:46:26
Message-ID: 1021571189.1379.2.camel@adzuki (view raw or flat)
Thread:
Lists: pgsql-patches
On Thu, 2002-05-16 at 05:28, Bear Giles wrote:
[snip]
>
> with the moderately more useful
> 
>   encrypted connection to eris.example.com
>   Chaos and Despair, Unlimited.
>   Turmoil Division
>   (cipher: DES-CBC3-SHA, bits 168)
> 
> (Specifically, the "common name", "organization name" and
> "organizational unit name" fields of the server's cert.)
> 
> Before anyone else points it out, anyone can put anything they want
> into their own self-signed cert.  So the value of this is limited
> until there's either a trusted local root cert store (like what
> web browsers use) or a trusted PKIX infrastructure.  But it's better
> than nothing if you routinely connect to multiple servers, and it
> will get people used to seeing the information.
> 

Would it be useful therefore to add [unverified] to the start of the
listing -a trusted certificate verification option later would make this
[verified]? Then the format doesn't change once you implement a trusted
certificate infrastructure.

Regards

John


-- 
John Gray	
Azuli IT	
www.azuli.co.uk	



In response to

pgsql-patches by date

Next:From: Nigel J. AndrewsDate: 2002-05-16 22:49:18
Subject: libpgtcl - backend version information patch
Previous:From: Joe ConwayDate: 2002-05-16 05:30:33
Subject: Re: SRF patch (was Re: [HACKERS] troubleshooting pointers)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group