Zeus Kronion <zkron...@gmail.com> writes: > 2) I was surprised to learn the following from the docs:
>> By default, PostgreSQL will not perform any verification of the server >> certificate. > Is there a technical reason to perform no verification by default? Wouldn't > a safer default be desirable? I'm not an SSL expert, so insert appropriate grain of salt, but AIUI the question is what are you going to verify against? You need some local notion of which are your trusted root certificates before you can verify anything. So to default to verification would be to default to failing to connect at all until user has created a ~/.postgresql/root.crt file with valid, relevant entries. That seems like a nonstarter. It's possible that we could adopt some policy like "if the root.crt file exists then default to verify" ... but that seems messy and unreliable, so I'm not sure it would really add any security. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers