Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-bugs(at)postgresql(dot)org, Dan Kaminsky <dan(at)doxpara(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date: 2008-08-20 11:56:56
Message-ID: 48AC0688.8090501@hagander.net
Lists: pgsql-bugs

Peter Eisentraut wrote:
> Dan Kaminsky wrote:
>>>> 1) No roots (but still works for some unknown reason)
>>>> 2) Explicitly configured corporate roots
>>>> 3) Explicitly configured corporate roots, AND global roots
>>>> 4) Global roots (but still works for some unknown reason)
>
>> So, if you do nothing special, it's #1? Sounds like the path of least
>> resistance is no security. Uh oh.
>
> Yeah, in the average, if not common case, a user interested in SSL use would
> probably just follow the recipe in the documentation for creating and
> installing a self-signed certificate with no certificate checking in the
> client. Which, as you correctly observe, is pretty much completely useless.
>
> Someone should probably redesign, reconfigure, and redocument this.

Agreed.

I'd like to suggest that for the "easy fix" (without supporting custom
callbacks and whatever) we create a new connection parameter called
"sslverifypeer". It can be set to "verifypeer", "verifycert" or "off".
When set to "verifypeer", we will verify the peer name and the
certificate. When "verifycert" we just verify the certificate, fail if
we can't find a root certificate, but ignore the common name. "off"
should be self-explaining.

I'd set the default to "verifypeer" in 8.4 and up, but backpatch it with
a default of "off". That way we don't break existing setups, but give
users the ability to verify if they want to.

Comments?

//Magnus
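
The three settings proposed above, shown as an added example that is not part of the original message and is not libpq code. Mapping the mode names onto Python's `ssl.SSLContext`, and the `apply_mode`, `make_client_context` and `root_cert_path` names, are assumptions of this example.

```python
import os
import ssl

# Mode names come from the proposal above; mapping them onto Python's
# ssl.SSLContext is this example's assumption, not libpq behaviour.
MODES = ("verifypeer", "verifycert", "off")


def apply_mode(ctx, mode):
    """Set the certificate checks on ctx that the given mode asks for."""
    if mode not in MODES:
        raise ValueError("unknown sslverifypeer mode: %r" % (mode,))
    if mode == "verifypeer":
        # Validate the chain and match the certificate name to the host.
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.check_hostname = True
    elif mode == "verifycert":
        # Validate the chain only; the name in the certificate is ignored,
        # so any certificate issued under the trusted root is accepted.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        # "off": encryption without authentication. check_hostname has to
        # be cleared first or Python refuses to set CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def make_client_context(mode, root_cert_path=None):
    """Build a client context; both verifying modes fail without a root."""
    ctx = apply_mode(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), mode)
    if mode != "off":
        if not root_cert_path or not os.path.isfile(root_cert_path):
            # Mirrors "fail if we can't find a root certificate".
            raise FileNotFoundError(
                "no root certificate at %r" % (root_cert_path,))
        ctx.load_verify_locations(cafile=root_cert_path)
    return ctx
```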
