| From: | John Gray <jgray(at)azuli(dot)co(dot)uk> |
|---|---|
| To: | Bear Giles <bgiles(at)coyotesong(dot)com> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: more verbose SSL session info for psql |
| Date: | 2002-05-16 17:46:26 |
| Message-ID: | 1021571189.1379.2.camel@adzuki |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
On Thu, 2002-05-16 at 05:28, Bear Giles wrote:
[snip]
>
> with the moderately more useful
>
> encrypted connection to eris.example.com
> Chaos and Despair, Unlimited.
> Turmoil Division
> (cipher: DES-CBC3-SHA, bits 168)
>
> (Specifically, the "common name", "organization name" and
> "organizational unit name" fields of the server's cert.)
>
> Before anyone else points it out, anyone can put anything they want
> into their own self-signed cert. So the value of this is limited
> until there's either a trusted local root cert store (like what
> web browsers use) or a trusted PKIX infrastructure. But it's better
> than nothing if you routinely connect to multiple servers, and it
> will get people used to seeing the information.
>
Would it be useful therefore to add [unverified] to the start of the
listing -a trusted certificate verification option later would make this
[verified]? Then the format doesn't change once you implement a trusted
certificate infrastructure.
Regards
John
--
John Gray
Azuli IT
www.azuli.co.uk
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nigel J. Andrews | 2002-05-16 22:49:18 | libpgtcl - backend version information patch |
| Previous Message | Joe Conway | 2002-05-16 05:30:33 | Re: SRF patch (was Re: [HACKERS] troubleshooting pointers) |