Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Tom Lane wrote:
>>> In the first place, I have never seen such a prompt, despite the fact
>>> that I use ssh constantly to connect to machines that I know do not have
>>> properly signed certificates.
>> *really*? Here's what I get as an example (after removing the trust):
>> ha(at)mha-laptop:~/.ssh$ ssh cvs.postgresql.org
>> The authenticity of host 'cvs.postgresql.org (126.96.36.199)' can't be
>> DSA key fingerprint is 54:27:10:f3:48:0a:f0:b6:c3:14:79:7e:49:c0:75:f3.
>> Are you sure you want to continue connecting (yes/no)? ^C
> This simply tells you that the machine has a new key since last time you
> talked to it. It doesn't have anything to do with whether the machine's
> cert has been signed by anybody. It also doesn't prevent you from
> operating without a root.crt file of your own.
SSH doesn't have certificates. The trusted key is as close as you get.
You can compare it to ssl with *only* self-signed-certificate. Where it
prompts you to authenticate the fingerprint of said
They do it through a prompt. We do it through a file. But as long as you
in pg only deal with self-signed certs, the outcome is pretty much the same.
In response to
pgsql-bugs by date
|Next:||From: Tom Lane||Date: 2009-04-10 18:21:23|
|Subject: Re: Re: [BUGS] BUG #4027: backslash escaping notdisabled inplpgsql |
|Previous:||From: Tom Lane||Date: 2009-04-10 17:38:56|
|Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |