| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-21 08:09:42 |
| Message-ID: | 10285AE4-9A0F-4740-B753-70B7BC1CF7E3@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 21 okt 2008, at 10.04, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> Magnus Hagander wrote:
>> Robert Haas wrote:
>>>>> How can you make that the default? Won't it immediately break
>>>>> every
>>>>> installation without certificates?
>>>> *all* SSL installations have certificate on the server side. You
>>>> cannot
>>>> run without it.
>>> s/without certificates/with self-signed certificates/
>>>
>>> which I would guess to be a common configuration
>> Self-signed still work. In a self-signed scenario, the server
>> certificate *is* the CA certificate.
>
> But the user needs to copy the CA to the client, which most people
> probably don't do nowadays.
True. I'll update the docs to make this even more clear, for those who
don't know ssl. I still consider that a feature and not a problem ..
/magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Matthieu Imbert | 2008-10-21 08:21:38 | binary representation of datatypes |
| Previous Message | Peter Eisentraut | 2008-10-21 08:04:02 | Re: SSL cleanups/hostname verification |