Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Dan Kaminsky <dan(at)doxpara(dot)com>
Cc: Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date: 2008-08-19 16:00:58
Message-ID: 1667.1219161658@sss.pgh.pa.us
Lists: pgsql-bugs
Dan Kaminsky <dan(at)doxpara(dot)com> writes:
> My question has been:  When you attempt to create an SSL connection to 
> database.backend.com, do you actually validate that:

> 1) The subject name of the certificate you're connecting to is 
> database.backend.com, and
> 2) At least the basic checks (expiration, chaining back to a valid root) 
> occur?

[ shrug... ] We do whatever OpenSSL's default validation behavior is.
If that's inadequate you probably ought to be taking it up with them,
instead of trying to get downstream projects to fix it one at a time.

			regards, tom lane
