| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Date: | 2009-04-10 17:38:56 |
| Message-ID: | 26390.1239385136@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Tom Lane wrote:
>> In the first place, I have never seen such a prompt, despite the fact
>> that I use ssh constantly to connect to machines that I know do not have
>> properly signed certificates.
> *really*? Here's what I get as an example (after removing the trust):
> ha(at)mha-laptop:~/.ssh$ ssh cvs.postgresql.org
> The authenticity of host 'cvs.postgresql.org (217.196.146.206)' can't be
> established.
> DSA key fingerprint is 54:27:10:f3:48:0a:f0:b6:c3:14:79:7e:49:c0:75:f3.
> Are you sure you want to continue connecting (yes/no)? ^C
This simply tells you that the machine has a new key since last time you
talked to it. It doesn't have anything to do with whether the machine's
cert has been signed by anybody. It also doesn't prevent you from
operating without a root.crt file of your own.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2009-04-10 17:56:14 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Previous Message | Magnus Hagander | 2009-04-10 17:34:59 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |