| From: | Greg Stark <stark(at)mit(dot)edu> |
|---|---|
| To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PQgetssl() and alternative SSL implementations |
| Date: | 2014-08-18 22:37:51 |
| Message-ID: | CAM-w4HOLocRzELZ0NJ=niH-LR-bpFZ-Wqo-ABg=2ERLoGDy56Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 18, 2014 at 12:54 PM, Heikki Linnakangas
<hlinnakangas(at)vmware(dot)com> wrote:
> server_cert_valid: Did the server present a valid certificate? "yes" or
> "no"
Is this just whether the signature verifies? Or whether the chain is
all verified? Or whether the chain leads to a root in the directory?
Does it include verifying the CN? How does the CN comparison get done?
I think you either need to decide that libpq will do all the
verification and impose a blanket policy or leave the verification up
to the application and just return each of these properties as
individual boolean flags.
--
greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2014-08-19 00:21:10 | Re: Reporting the commit LSN at commit time |
| Previous Message | Kevin Grittner | 2014-08-18 22:25:31 | Re: BUG #11208: Refresh Materialized View Concurrently bug using user Postgres |