Quick Links

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From:	Stephen Frost <sfrost(at)snowman(dot)net>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org
Subject:	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date:	2009-04-10 18:27:54
Message-ID:	20090410182754.GF8123@tamriel.snowman.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> I think I agree with Martin on this. The server doesn't fail if you
> don't provide it a root cert; it just doesn't try to trace client certs
> to the root. It is not apparent why the client should be stricter than
> that, and definitely not apparent why such strictness should be the
> default behavior.

I agree with this. Avoiding spoofing is good, but so is on the wire
encryption even if you don't have anti-spoofing. This is a reasonable
set-up and we shouldn't just fail on it.

Stephen

In response to

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt at 2009-04-10 14:41:34 from Tom Lane

Responses

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt at 2009-04-10 19:46:06 from Peter Eisentraut

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Stephen Frost	2009-04-10 18:32:29	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous Message	Peter Eisentraut	2009-04-10 18:21:54	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt