Skip site navigation (1) Skip section navigation (2)

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-bugs(at)postgresql(dot)org
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Martin Pitt <mpitt(at)debian(dot)org>
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-10 19:50:00
Message-ID: 200904102250.01691.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-bugs
On Friday 10 April 2009 21:32:29 Stephen Frost wrote:
> A properly configured server could cause a failure too unless the client
> is *also* properly configured.  Sure, it's good for people to do.  No, I
> don't think we should break things if people don't build out a whole PKI
> for PG and configure all their certs correctly.  It's pie-in-the-sky to
> think everyone will do that, and in the end most will just say "SSL
> breaks stuff, so we'll disable it" which certainly isn't better.

That's debatable.  I think it's better.

> > But it's a default, so the user can change it.
>
> It should be the default to connect, maybe with a warning.

If you connect with a warning, you have possibly already given up sensitive 
information.  That's no good.

> > Consider the analogy that a new web browser comes out that verifies
> > server certificates (as of course all respectable browsers do nowadays)
> > whereas the previous version one didn't.  The right fix there is
> > certainly not to downgrade this to a warning when connecting to an older
> > web server.
>
> Uh, no, the right fix is to have a warning/prompt (as pretty much all
> web browsers today do) but then continue to connect.

Yes, this was under discussion a while ago but no one wanted to implement it.

> Also, the
> web-browser analogy completely falls apart when you consider that the
> use case is significantly different (how many times have you connected
> to a PG server that you didn't know?).

This is a fuzzy argument.  What do you mean by "know", and how do you verify 
what you "know" and whether what you "know" is correct?  And why are you using 
SSL at all if you think you "know" everything?

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2009-04-10 19:50:02
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous:From: Peter EisentrautDate: 2009-04-10 19:46:06
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group