On Tue, Oct 3, 2017 at 1:15 PM, Zeus Kronion <zkron...@gmail.com> wrote:
> I previously made one minuscule contribution to the project two years ago.
> I'm interested in doing some more, and I'm trying to figure out what to
> focus on. Two SSL-related projects caught my attention:
> 1) Allow automatic selection of SSL client certificates from a certificate
> store (https://www.postgresql.org/message-id/8766.1241799...@sss.pgh.pa.us).
> It seems relatively straightforward to support an additional file format for
> key-value pairs in postgresql.crt/.key, and I think this is something I
> could take on if it's still desired.
> 2) I was surprised to learn the following from the docs:

One other thing that could be improved, and that has been already asked for is improvement for passphrase handling, particularly since SSL parameters can be reloaded, by adding for example a new GUC parameter that calls a shell command which outputs what is wanted to stdout. It could be tricky to implement as the postmaster should be able to handle requests when launching the command. But I think you get the idea.

>> By default, PostgreSQL will not perform any verification of the server
>> certificate. This means that it is possible to spoof the server identity
>> (for example by modifying a DNS record or by taking over the server IP
>> address) without the client knowing. In order to prevent spoofing, SSL
>> certificate verification must be used.
>
> Is there a technical reason to perform no verification by default? Wouldn't
> a safer default be desirable?

It would be nice to get into a stronger default with "require" at least, the recommendation is to use at least "verify-ca" for any serious deployment. Note that not long ago there were arguments about how the default value of sslmode called 'prefer' is good at giving a false sense of security, but this led nowhere (can't put my hands on this thread now..).
--
Michael

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
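Added example, not part of the original message or of PostgreSQL's code: a static audit of libpq connection strings that reports which protections the effective sslmode leaves out, including the default `prefer` discussed in the thread. The function names and the sample connection strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Per libpq sslmode: (encryption guaranteed, CA chain verified, host name verified).
# "allow" and "prefer" encrypt only opportunistically and can fall back to plaintext.
SSLMODES = {
    "disable":     (False, False, False),
    "allow":       (False, False, False),
    "prefer":      (False, False, False),
    "require":     (True,  False, False),
    "verify-ca":   (True,  True,  False),
    "verify-full": (True,  True,  True),
}
DEFAULT_SSLMODE = "prefer"  # used when neither the conninfo nor PGSSLMODE sets it
_KV = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|[^\s']*)")

def parse_conninfo(conninfo):
    """Return the parameters of a keyword/value string or a connection URI."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        return {k: v[-1] for k, v in parse_qs(urlsplit(conninfo).query).items()}
    params = {}
    for key, value in _KV.findall(conninfo):
        if value.startswith("'"):  # strip the quotes and undo backslash escapes
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        params[key] = value
    return params

def effective_sslmode(conninfo, env=None):
    """Resolve sslmode: conninfo first, then PGSSLMODE, then the default."""
    params = parse_conninfo(conninfo)
    return params.get("sslmode") or (env or {}).get("PGSSLMODE") or DEFAULT_SSLMODE

def audit(conninfo, env=None):
    """Return (sslmode, findings); findings names each protection that is missing."""
    mode = effective_sslmode(conninfo, env)
    if mode not in SSLMODES:
        return mode, ["unknown sslmode"]
    names = ("encryption not guaranteed", "server certificate not verified", "host name not checked")
    return mode, [n for ok, n in zip(SSLMODES[mode], names) if not ok]

# Constructed sample connection strings (hosts and databases are made up).
SAMPLES = [
    "host=db1.example.internal dbname=app",
    "host=db1.example.internal sslmode = 'verify-ca'",
    "postgresql://app@db1.example.internal/app?sslmode=verify-full",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit(s))
```

This is a static check of the configured mode only: with `require`, libpq also verifies the CA chain when a root CA file is present on the client, which the audit does not inspect.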