From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | dom(at)happygiraffe(dot)net (Dominic Mitchell) |
Cc: | pgsql-patches(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: doc patch for ssl in server |
Date: | 2004-09-23 21:26:28 |
Message-ID: | 12154.1095974788@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
dom(at)happygiraffe(dot)net (Dominic Mitchell) writes:
> On Thu, Sep 23, 2004 at 04:37:52PM -0400, Tom Lane wrote:
>> That last statement is not actually correct, is it? AFAICS we do tell
>> SSL to enforce certificates if we find a valid root.crt file.
> According to the docs[1], you also need
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT if you want requests that do not send a
> certificate to be rejected. That terminates the connection immediately.
> [1] http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
Hmm. Reading the SSL man page more closely, you're right. This is a bug
IMHO --- the intention was that presence of a root.crt file would force
verification. What we wanted to do was to allow servers to operate
without a root.crt file if they didn't care about verifying client
certificates.
It looks like the original coder simply got this backwards: the backend
code doesn't set SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but the frontend code
does, which is silly because the flag is ignored on the client side.
Does anyone see a reason not to turn on SSL_VERIFY_FAIL_IF_NO_PEER_CERT
on the backend side?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2004-09-23 21:37:04 | Re: SQL-Invoked Procedures for 8.1 |
Previous Message | Tom Lane | 2004-09-23 21:12:56 | Re: SQL-Invoked Procedures for 8.1 |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2004-09-23 23:26:19 | Re: ALTER TABLE .. OWNER TO and sequences |
Previous Message | Dominic Mitchell | 2004-09-23 21:11:58 | Re: doc patch for ssl in server |