Skip site navigation (1) Skip section navigation (2)

more verbose SSL session info for psql

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: pgsql-patches(at)postgresql(dot)org
Subject: more verbose SSL session info for psql
Date: 2002-05-16 04:28:01
Message-ID: 200205160428.WAA26571@eris.coyotesong.com (view raw or flat)
Thread:
Lists: pgsql-patches
This is a small patch - many people (including myself) believe that
all encrypted channels should always clearly communicate to the user
the identity and session parameters of the connection.  This allows
the user to decide whether to abort a connection if they find something
unexpected and unacceptable.

This patch only affects psql, and merely replaces

  SSL connection
  (cipher: DES-CBC3-SHA, bits 168)

with the moderately more useful

  encrypted connection to eris.example.com
  Chaos and Despair, Unlimited.
  Turmoil Division
  (cipher: DES-CBC3-SHA, bits 168)

(Specifically, the "common name", "organization name" and
"organizational unit name" fields of the server's cert.)

Before anyone else points it out, anyone can put anything they want
into their own self-signed cert.  So the value of this is limited
until there's either a trusted local root cert store (like what
web browsers use) or a trusted PKIX infrastructure.  But it's better
than nothing if you routinely connect to multiple servers, and it
will get people used to seeing the information.

Bear

Responses

pgsql-patches by date

Next:From: Joe ConwayDate: 2002-05-16 05:16:28
Subject: Re: SRF patch (was Re: [HACKERS] troubleshooting pointers)
Previous:From: Tom LaneDate: 2002-05-14 23:15:14
Subject: Re: SRF patch (was Re: [HACKERS] troubleshooting pointers)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group