| From: | "Knut P Lehre" <k(dot)p(dot)lehre(at)world-online(dot)no> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | SSL client crt verification |
| Date: | 2005-08-26 13:23:18 |
| Message-ID: | 42BFF0E800000CD1@cpfe4.be.tisc.dk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tried doc search, pgsql-general and #postgresql.
Server: 7.4.8 on Red Hat EL4. Client psql 8.0.3 on WinXP.
Using a test server.crt and server.key, as described in 8.0 docs 16.8, I
can activate SSL encryption (WinXP 8.0.3 psql reports "SSL Connection" at
connect), and as expected, the server log reports that root.crt is not found.
If I copy server.crt to root.crt and start up server again, the missing
root.crt message disappears. But I can still connect with psql with no postgresql.crt
on client (docs 27.13). Apparently, the root.crt, which in this case is
a copy of server.crt, is not interpreted as a CA crt, but how does the server
know? Isn't a CA cert just a self signed crt? Why is there not a warning
that client authentication will not take place, when it apparently does
not? Does the server only check that a root.crt file is present, and not
that is contains valid information?
Comments appreciated
KPL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Saito | 2005-08-26 14:06:49 | Re: [ANNOUNCE] Welcome Core Team member Dave Page |
| Previous Message | Michael Meskes | 2005-08-26 13:09:11 | Re: [HACKERS] ECPG ignores SAVEPOINT if first statement of a transaction |