Re: SSL Support

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: dom(at)happygiraffe(dot)net (Dominic Mitchell)
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SSL Support
Date: 2004-09-21 13:52:50
Message-ID: 292.1095774770@sss.pgh.pa.us
Lists: pgsql-hackers
dom(at)happygiraffe(dot)net (Dominic Mitchell) writes:
> On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote:
>> On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote:
>>> In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
>>> in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag.  This means that a client
>>> can present no certificate and still get access to the server.

> The code is all there to do so, pretty much.  What it's missing is a few
> toggles to make it say "I want to enforce this to happen".

This is intentional.  See past discussions.

			regards, tom lane
