| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Martin Pitt <mpitt(at)debian(dot)org> |
| Subject: | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Date: | 2009-04-12 09:13:01 |
| Message-ID: | 200904121213.02863.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Sunday 12 April 2009 01:58:26 Magnus Hagander wrote:
> "sslmode=prefer" honestly makes no sense - if I don't care if it ends up
> encrypted or not (which it means), then why not just run with SSL off
> and not have to deal with the overhead?
Perhaps a large part of the problem at hand is in fact that the default is
sslmode=prefer, which, if the server is set up with some snakeoil certificate,
causes all these cn verification problems, when the user really didn't care in
the first place.
Another thing is that not all combinations of sslmode and sslverify make
sense. If the user cares little about SSL ("allow", "prefer"), then insisting
on a verifyable certificate is pointless.
One random idea is to fold both of these settings into sslmode, with the
following progression:
disable, allow, prefer, require, require-cert, require-cn
And then set the default to "disable", because as you say "prefer" is pretty
silly. And then users can explictly choose which level of SSL-ness they want.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2009-04-12 09:52:53 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Previous Message | Magnus Hagander | 2009-04-12 07:16:23 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |