| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-20 18:28:07 |
| Message-ID: | 48FCCDB7.2020804@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Attached patch cleans up the certificate verification in libpq, and adds
>> a configuration paraqmeter to control it. The new parameter is
>> "sslverify", and can be set to:
>
>> * cn = default = will validate that the certificate chains to a trusted
>> root, *and* that the cn on the certificate matches the hostname
>> specificed in the connection. This is the only option that prevents
>> man-in-the-middle attacks completely, and therefor is the default.
>
> How can you make that the default? Won't it immediately break every
> installation without certificates?
*all* SSL installations have certificate on the server side. You cannot
run without it.
And obviously the setting only has effect if you are actually running
over SSL.
> The patch seems pretty far short of sufficient as far as supporting a
> new conninfo option goes --- for instance it appears to leak the string
> at disconnect. Check through all the references to some existing option
> field to see if you missed anything else.
Hmm. yeah, I hadn't finished that part - and promptly forgot about that
:S Will look it over again.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John DeSoi | 2008-10-20 18:56:21 | Re: Lisp as a procedural language? |
| Previous Message | Heikki Linnakangas | 2008-10-20 18:11:41 | Re: Index use during Hot Standby |