Quick Links

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Martin Pitt <mpitt(at)debian(dot)org>
Cc:	pgsql-bugs(at)postgresql(dot)org
Subject:	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date:	2009-04-10 14:41:34
Message-ID:	22593.1239374494@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

Martin Pitt <mpitt(at)debian(dot)org> writes:
> I do see the benefit of failing to connect to an SSL-enabled server
> *if* I have a root.crt which doesn't match. But why fail if I don't
> have one?

I think I agree with Martin on this. The server doesn't fail if you
don't provide it a root cert; it just doesn't try to trace client certs
to the root. It is not apparent why the client should be stricter than
that, and definitely not apparent why such strictness should be the
default behavior.

regards, tom lane

In response to

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt at 2009-04-10 14:13:55 from Martin Pitt

Responses

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt at 2009-04-10 17:14:04 from Magnus Hagander
Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt at 2009-04-10 18:27:54 from Stephen Frost

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Magnus Hagander	2009-04-10 17:14:04	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous Message	Martin Pitt	2009-04-10 14:13:55	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt