Skip site navigation (1) Skip section navigation (2)

Re: libpq: system-wide root.crt

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-bugs(at)postgresql(dot)org, Stephen Gran <sgran(at)debian(dot)org>, DSA list <debian-admin(at)lists(dot)debian(dot)org>
Subject: Re: libpq: system-wide root.crt
Date: 2010-09-23 16:31:33
Message-ID: 9721.1285259493@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Thu, Aug 19, 2010 at 23:11, Martin Pitt <mpitt(at)debian(dot)org> wrote:
>>> I received a request to support system-wide root certificates in
>>> libpq.

> I wonder if we want to have a default value for this rather than
> disabling it when it's not specified by configure. But is there any
> kind of reasonable default that's not going to be
> platform/distribution specific?

Given the potential security issues, I would argue very strenuously
that this should NOT be enabled by default.  It should happen only
if the option is requested at configure time, and configure should
be told the exact path where to look for certs.

			regards, tom lane

In response to

pgsql-bugs by date

Next:From: Tom LaneDate: 2010-09-23 18:08:18
Subject: Re: BUG #5673: Optimizer creates strange execution plan leading to wrong results
Previous:From: David SchmittDate: 2010-09-23 16:22:11
Subject: Re: BUG #5673: Optimizer creates strange execution plan leading to wrong results

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group