| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-21 12:47:35 |
| Message-ID: | 18289.1224593255@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Gregory Stark <stark(at)enterprisedb(dot)com> writes:
> Sort of. SSH requires you to install the certificate of the server locally
> before connecting. If you don't it pops up a big warning and asks if you want
> to install it. On subsequent connections it looks up the key for the name of
> the host you're trying to connect to and insists it match. If it doesn't it
> pops up a *huge* error and refuses to connect.
Um, IIRC what it's checking there is the server's key signature, which
has nada to do with certificates.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Decibel! | 2008-10-21 12:53:48 | Re: contrib/pg_stat_statements |
| Previous Message | Gregory Stark | 2008-10-21 12:40:13 | Re: SSL cleanups/hostname verification |