| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
| Cc: | "Martijn van Oosterhout" <kleptog(at)svana(dot)org>, "Florian Weimer" <fw(at)deneb(dot)enyo(dot)de>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Upcoming re-releases |
| Date: | 2006-02-11 17:16:10 |
| Message-ID: | 8731.1139678170@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> If you stick a root certificate (root.crt in ~/.postgresql) for it to
> validate against, it will be validated against that root. I'm not sure
> if it validates the common name of the cert though - that would be an
> issue if you're using a global CA. If you're using a local enterprise
> CA, that's a much smaller issue (because you yourself have total control
> over who gets certificates issued by the CA).
But in either case, it would only be checking that the cert had been
issued by that CA, no? Unless you set up a CA that only ever issues
certificates to your PG server, someone else with a cert from the CA
could still impersonate. Or am I mistaken about that?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2006-02-11 17:20:09 | Re: PostgreSQL 8.0.6 crash |
| Previous Message | Magnus Hagander | 2006-02-11 16:51:02 | Re: Upcoming re-releases |