Skip site navigation (1) Skip section navigation (2)

BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present

From: "Srinivas Aji" <srinivas(dot)aji(at)emc(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
Date: 2011-08-31 09:59:18
Message-ID: 201108310959.p7V9xIRp030425@wwwmaster.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-hackers
The following bug has been logged online:

Bug reference:      6189
Logged by:          Srinivas Aji
Email address:      srinivas(dot)aji(at)emc(dot)com
PostgreSQL version: 9.0.4
Operating system:   Linux
Description:        libpq: sslmode=require verifies server certificate if
root.crt is present
Details: 

From the documentation of sslmode values in
http://www.postgresql.org/docs/9.0/static/libpq-ssl.html ,
it looks like libpq will not verify the server certificate when the option
sslmode=require is used, and will perform different levels of certificate
verification in the cases sslmode=verify-ca and sslmode=verify-full.

The observed behaviour is a bit different. If the ~/.postgresql/root.crt
file (or any other filename set through sslrootcert option) is found,
sslmode=require also performs the same level of certificate verification as
verify-ca. The difference between require and verify-ca is that it is an
error for the file to not exist when sslmode is verify-ca.

Thanks,
Srinivas

Responses

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2011-08-31 10:22:04
Subject: Re: limit in subquery causes poor selectivity estimation
Previous:From: Albe LaurenzDate: 2011-08-31 09:34:31
Subject: Re: postgesql-9.0.4 compile on AIX 6.1 using gcc 4.4.6

pgsql-bugs by date

Next:From: Tom LaneDate: 2011-08-31 21:11:50
Subject: Re: BUG #6186: out of memory while analyze
Previous:From: John R PierceDate: 2011-08-31 06:14:41
Subject: Re: BUG #6186: out of memory while analyze

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group