| From: | Bear Giles <bgiles(at)coyotesong(dot)com> |
|---|---|
| To: | pgsql-patches(at)postgresql(dot)org |
| Subject: | more verbose SSL session info for psql |
| Date: | 2002-05-16 04:28:01 |
| Message-ID: | 200205160428.WAA26571@eris.coyotesong.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
This is a small patch - many people (including myself) believe that
all encrypted channels should always clearly communicate to the user
the identity and session parameters of the connection. This allows
the user to decide whether to abort a connection if they find something
unexpected and unacceptable.
This patch only affects psql, and merely replaces
SSL connection
(cipher: DES-CBC3-SHA, bits 168)
with the moderately more useful
encrypted connection to eris.example.com
Chaos and Despair, Unlimited.
Turmoil Division
(cipher: DES-CBC3-SHA, bits 168)
(Specifically, the "common name", "organization name" and
"organizational unit name" fields of the server's cert.)
Before anyone else points it out, anyone can put anything they want
into their own self-signed cert. So the value of this is limited
until there's either a trusted local root cert store (like what
web browsers use) or a trusted PKIX infrastructure. But it's better
than nothing if you routinely connect to multiple servers, and it
will get people used to seeing the information.
Bear
| Attachment | Content-Type | Size |
|---|---|---|
| diff | text/plain | 1.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2002-05-16 05:16:28 | Re: SRF patch (was Re: [HACKERS] troubleshooting pointers) |
| Previous Message | Tom Lane | 2002-05-14 23:15:14 | Re: SRF patch (was Re: [HACKERS] troubleshooting pointers) |