Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present

From: David Fetter <david(at)fetter(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
Date: 2011-09-12 18:20:20
Message-ID: 20110912182020.GA14015@fetter.org
Lists: pgsql-bugs pgsql-hackers

On Mon, Sep 12, 2011 at 07:37:23PM +0200, Magnus Hagander wrote:
> On Mon, Sep 12, 2011 at 19:21, David Fetter <david(at)fetter(dot)org> wrote:
> > On Wed, Aug 31, 2011 at 09:59:18AM +0000, Srinivas Aji wrote:
> >>
> >> The following bug has been logged online:
> >>
> >> Bug reference:      6189
> >> Logged by:          Srinivas Aji
> >> Email address:      srinivas(dot)aji(at)emc(dot)com
> >> PostgreSQL version: 9.0.4
> >> Operating system:   Linux
> >> Description:        libpq: sslmode=require verifies server certificate if
> >> root.crt is present
> >> Details:
> >>
> >> From the documentation of sslmode values in
> >> http://www.postgresql.org/docs/9.0/static/libpq-ssl.html ,
> >> it looks like libpq will not verify the server certificate when the option
> >> sslmode=require is used, and will perform different levels of certificate
> >> verification in the cases sslmode=verify-ca and sslmode=verify-full.
> >>
> >> The observed behaviour is a bit different. If the ~/.postgresql/root.crt
> >> file (or any other filename set through sslrootcert option) is found,
> >> sslmode=require also performs the same level of certificate verification as
> >> verify-ca. The difference between require and verify-ca is that it is an
> >> error for the file to not exist when sslmode is verify-ca.
> >>
> >> Thanks,
> >> Srinivas
> >
> > It looks to me like there could at least in theory be an attack vector
> > or two that we're not covering with this bug.  Anybody want to tackle
> > same?
>
> I haven't checked the code yet, but from the report it sounds like
> we're checking *too much* - how could that be an attack vector?

Well, "too much checking," classically, is a source of denial of
service attacks. It's not a super likely source, but it's a source,
and it'd be better to fix it than leave it lie. :)

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
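
The behaviour described in the quoted bug report, modelled as an added audit helper that is not part of the original message and is not libpq code: it reports which level of certificate checking a client would effectively get for a given `sslmode`, depending on whether the root certificate file exists. The function names, the result labels and the simple space-separated conninfo parsing are assumptions of this example; `PGSSLMODE`, `PGSSLROOTCERT` and the `prefer` default are libpq's.

```shell
#!/bin/sh
# Added example: models the client behaviour reported in BUG #6189
# (PostgreSQL 9.0.4). It inspects files only and never opens a connection.

# effective_ssl_check MODE [ROOTCERT]
# Prints one of: none | verify-ca | verify-full | error-missing-rootcert | not-covered
effective_ssl_check() {
    mode=$1
    # Root certificate path: explicit sslrootcert, then PGSSLROOTCERT,
    # then the default location named in the report.
    rootcert=${2:-${PGSSLROOTCERT:-$HOME/.postgresql/root.crt}}
    case $mode in
        require)
            # Reported behaviour: verification happens if the file is found.
            if [ -f "$rootcert" ]; then echo verify-ca; else echo none; fi ;;
        verify-ca|verify-full)
            # A missing file is an error for the verify modes.
            if [ -f "$rootcert" ]; then echo "$mode"; else echo error-missing-rootcert; fi ;;
        *)
            # Modes the report does not discuss (disable, allow, prefer).
            echo not-covered ;;
    esac
}

# audit_conninfo "key=value key=value ..."
# Assumption: space-separated settings with unquoted values.
audit_conninfo() {
    mode=${PGSSLMODE:-prefer}
    cert=
    for kv in $1; do
        case $kv in
            sslmode=*)     mode=${kv#sslmode=} ;;
            sslrootcert=*) cert=${kv#sslrootcert=} ;;
        esac
    done
    effective_ssl_check "$mode" "$cert"
}

# Constructed sample connection string; the result depends on this host's files.
audit_conninfo "host=db.example sslmode=require"
```

A result of `verify-ca` for a `require` connection marks a client whose connections will start failing if the server certificate does not chain to the CA in that file.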
