Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Srinivas Aji <srinivas(dot)aji(at)emc(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
Date: 2011-09-23 11:28:09
Message-ID: CABUevExm7ZsVasLX3wfG7gzk2opaCwRtU=ztg6rErS5yNxPonA@mail.gmail.com
Lists: pgsql-bugs pgsql-hackers

On Wed, Aug 31, 2011 at 11:59, Srinivas Aji <srinivas(dot)aji(at)emc(dot)com> wrote:
>
> The following bug has been logged online:
>
> Bug reference:      6189
> Logged by:          Srinivas Aji
> Email address:      srinivas(dot)aji(at)emc(dot)com
> PostgreSQL version: 9.0.4
> Operating system:   Linux
> Description:        libpq: sslmode=require verifies server certificate if
> root.crt is present
> Details:
>
> From the documentation of sslmode values in
> http://www.postgresql.org/docs/9.0/static/libpq-ssl.html ,
> it looks like libpq will not verify the server certificate when the option
> sslmode=require is used, and will perform different levels of certificate
> verification in the cases sslmode=verify-ca and sslmode=verify-full.
>
> The observed behaviour is a bit different. If the ~/.postgresql/root.crt
> file (or any other filename set through sslrootcert option) is found,
> sslmode=require also performs the same level of certificate verification as
> verify-ca. The difference between require and verify-ca is that it is an
> error for the file to not exist when sslmode is verify-ca.

I looked at this again, and I'm pretty sure we did this intentionally.
The idea being that before we had the verify-ca/verify-full options,
adding the root cert would enable the verification. And we didn't want
to turn installations that previously did verify the certificate to
stop doing so in the new version.

So basically, the behaviour that is by design is:
* require: if certificate exists, verify. if certificate doesn't
exist, don't verify.
* verify-ca: if certificate exists, verify. if certificate doesn't
exist, disconnect.

The question is, have we had the new options long enough now that we
should change it so that we don't verify the cert in the case of
cert-exists-but-verification-wasn't-explicitly-asked-for?

Or should we just update the documentation to mention how this works?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
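
The by-design behaviour described in the message above, written as a local check that reports whether a given set of connection parameters ends up verifying the server certificate. This is an added example, not code from the thread or from libpq; the function names and outcome labels are hypothetical, and only `require` and `verify-ca` are modelled because those are the two modes the message describes.

```python
from pathlib import Path

COVERED = ("require", "verify-ca")  # the two modes the message describes


def root_cert_path(params, env, home):
    """File libpq consults: sslrootcert option, PGSSLROOTCERT, or the default."""
    explicit = params.get("sslrootcert") or env.get("PGSSLROOTCERT")
    return Path(explicit) if explicit else Path(home) / ".postgresql" / "root.crt"


def effective_behaviour(params, env, home):
    """Return (outcome, note); outcome is 'verify', 'no-verify' or 'error'."""
    mode = params.get("sslmode")
    if mode not in COVERED:
        raise ValueError(f"sslmode {mode!r} is not covered by the message above")
    cert = root_cert_path(params, env, home)
    if cert.is_file():
        return "verify", f"{mode}: {cert} exists, server certificate is verified"
    if mode == "require":
        return "no-verify", f"require: {cert} missing, encrypted but not verified"
    return "error", f"verify-ca: {cert} missing, connection fails"


if __name__ == "__main__":
    import tempfile

    # Constructed home directory, so the demo never reads the real ~/.postgresql.
    with tempfile.TemporaryDirectory() as home:
        for label in ("root.crt absent", "root.crt present"):
            print(label)
            for mode in COVERED:
                print("  ", effective_behaviour({"sslmode": mode}, {}, home)[1])
            cert_dir = Path(home) / ".postgresql"
            cert_dir.mkdir(exist_ok=True)
            (cert_dir / "root.crt").write_text("constructed placeholder, not a real CA\n")
```

With `sslmode=require`, the outcome depends on a file on the client's disk rather than on the connection string, which is the point to check when auditing client hosts.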
