Re: SSL cleanups/hostname verification

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL cleanups/hostname verification
Date: 2008-10-21 08:04:02
Message-ID: 48FD8CF2.8040803@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Magnus Hagander wrote:
> Robert Haas wrote:
>>>> How can you make that the default? Won't it immediately break every
>>>> installation without certificates?
>>> *all* SSL installations have certificate on the server side. You cannot
>>> run without it.
>> s/without certificates/with self-signed certificates/
>>
>> which I would guess to be a common configuration
>
> Self-signed still work. In a self-signed scenario, the server
> certificate *is* the CA certificate.

But the user needs to copy the CA to the client, which most people
probably don't do nowadays.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2008-10-21 08:09:42 Re: SSL cleanups/hostname verification
Previous Message Peter Eisentraut 2008-10-21 08:02:11 Re: SSL cleanups/hostname verification