| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Zeus Kronion <zkronion(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possible SSL improvements for a newcomer to tackle |
| Date: | 2017-10-03 04:33:00 |
| Message-ID: | 17344.1507005180@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Zeus Kronion <zkronion(at)gmail(dot)com> writes:
> 2) I was surprised to learn the following from the docs:
>> By default, PostgreSQL will not perform any verification of the server
>> certificate.
> Is there a technical reason to perform no verification by default? Wouldn't
> a safer default be desirable?
I'm not an SSL expert, so insert appropriate grain of salt, but AIUI the
question is what are you going to verify against? You need some local
notion of which are your trusted root certificates before you can verify
anything. So to default to verification would be to default to failing to
connect at all until user has created a ~/.postgresql/root.crt file with
valid, relevant entries. That seems like a nonstarter.
It's possible that we could adopt some policy like "if the root.crt file
exists then default to verify" ... but that seems messy and unreliable,
so I'm not sure it would really add any security.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2017-10-03 04:35:06 | Re: Possible SSL improvements for a newcomer to tackle |
| Previous Message | Tom Lane | 2017-10-03 04:21:02 | Re: Conversion error |