Bear Giles writes:
> *) certs are fully validated - valid root certs must be available.
> This is a hassle, but it means that you *can* trust the identity
> of the server.
I'm confused. We currently don't have SSL-based authentication, so why do
we have certificates at all?
> *) the client library can handle hardcoded root certificates, to
> avoid the need to copy these files.
Hardcoding is evil.
> *) host name of server cert must resolve to IP address, or be a
> recognized alias. This is more liberal than the previous
Which is the standard/recommended practice?
> *) the number of bytes transferred is tracked, and the session
> key is periodically renegotiated.
> *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
> configuration files have reasonable defaults for each type
> of use.
Again, what are these certificate management tools for if we don't have
any need for certificates?
About the code:
* no // comments
* no fprintf(stderr, ...) in library functions
* read_SSL/write_SSL -- If you think these functions are misnamed, rename
* Isn't there an automated way to generated error message from error codes
Peter Eisentraut peter_e(at)gmx(dot)net
In response to
pgsql-patches by date
|Next:||From: Neil Conway||Date: 2002-05-22 18:28:49|
|Subject: Re: libpq++ fixes|
|Previous:||From: Bear Giles||Date: 2002-05-21 07:36:09|
|Subject: 2nd revision of SSL patches|