Skip site navigation (1) Skip section navigation (2)

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-10 17:56:14
Message-ID: (view raw or whole thread)
Lists: pgsql-bugs
Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Tom Lane wrote:
>>> In the first place, I have never seen such a prompt, despite the fact
>>> that I use ssh constantly to connect to machines that I know do not have
>>> properly signed certificates.
>> *really*? Here's what I get as an example (after removing the trust):
>> ha(at)mha-laptop:~/.ssh$ ssh
>> The authenticity of host ' (' can't be
>> established.
>> DSA key fingerprint is 54:27:10:f3:48:0a:f0:b6:c3:14:79:7e:49:c0:75:f3.
>> Are you sure you want to continue connecting (yes/no)? ^C
> This simply tells you that the machine has a new key since last time you
> talked to it.  It doesn't have anything to do with whether the machine's
> cert has been signed by anybody.  It also doesn't prevent you from
> operating without a root.crt file of your own.

SSH doesn't have certificates. The trusted key is as close as you get.
You can compare it to ssl with *only* self-signed-certificate. Where it
prompts you to authenticate the fingerprint of said

They do it through a prompt. We do it through a file. But as long as you
in pg only deal with self-signed certs, the outcome is pretty much the same.


In response to

pgsql-bugs by date

Next:From: Tom LaneDate: 2009-04-10 18:21:23
Subject: Re: Re: [BUGS] BUG #4027: backslash escaping notdisabled inplpgsql
Previous:From: Tom LaneDate: 2009-04-10 17:38:56
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group