Skip site navigation (1) Skip section navigation (2)

Re: libpq 8.4 beta1: $PGHOST complains about missingroot.crt

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missingroot.crt
Date: 2009-04-10 18:27:54
Message-ID: 20090410182754.GF8123@tamriel.snowman.net (view raw or flat)
Thread:
Lists: pgsql-bugs
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> I think I agree with Martin on this.  The server doesn't fail if you
> don't provide it a root cert; it just doesn't try to trace client certs
> to the root.  It is not apparent why the client should be stricter than
> that, and definitely not apparent why such strictness should be the
> default behavior.

I agree with this.  Avoiding spoofing is good, but so is on the wire
encryption even if you don't have anti-spoofing.  This is a reasonable
set-up and we shouldn't just fail on it.

	Stephen

In response to

Responses

pgsql-bugs by date

Next:From: Stephen FrostDate: 2009-04-10 18:32:29
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missingroot.crt
Previous:From: Peter EisentrautDate: 2009-04-10 18:21:54
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group