On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote:
> I am also unsure of the
> procedures for submitting patches; is it ok to just send to hackers?

[EMAIL PROTECTED]

> In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
> in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. This means that a client
> can present no certificate and still get access to the server.

Client-side certificates as an authentication mechanism are not intended to be supported. It might be a nice feature to add, though.

> There's nothing that gets logged to say that an SSL connection was
> made. This would be useful for testing. Something like logging the
> connection as "1.2.3.4/ssl"?

That seems reasonable.

> In initialize_SSL(), we call SSL_CTX_set_verify_depth(SSL_context, 1).
> This should probably be a configurable item. I /think/ it might be
> stopping me from successfully verifying the server certificate is
> signed by the CA listed in my client's root.crt file, but I'm not
> sure.

I think verification of the server certificates is not supported either. SSL only serves for encryption, not authentication or integrity checking (which is probably a stupid idea).

> In open_client_SSL() again, the call to verify that the CN of the
> certificate is the same as the hostname you've connected to is
> commented out. So you have no idea whether or not you've connected to
> the right server.

This seems to match the pattern I described above.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/
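
The CN-versus-hostname check raised in the last quoted point, as an added example that is not part of this message or of PostgreSQL's source. It goes beyond a plain string comparison by rejecting a CN with an embedded NUL and by allowing one leading wildcard label; `cn_matches_host` and `eq_nocase` are hypothetical names, and the host names are constructed samples.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of n bytes; DNS names ignore ASCII case. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char) a[i]) != tolower((unsigned char) b[i]))
            return 0;
    return 1;
}

/*
 * Returns 1 if the certificate CN matches the host the client dialled.
 * Assumption: cn and cn_len are the buffer and return value of OpenSSL's
 * X509_NAME_get_text_by_NID(subject, NID_commonName, buf, sizeof buf).
 */
int cn_matches_host(const char *cn, size_t cn_len, const char *host)
{
    if (cn == NULL || host == NULL || cn_len == 0)
        return 0;
    /* A CN with an embedded NUL would pass a plain strcmp() on its prefix. */
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    size_t host_len = strlen(host);
    if (cn_len == host_len && eq_nocase(cn, host, cn_len))
        return 1;
    /* Wildcard: only "*.suffix", suffix has a dot, '*' covers one label. */
    if (cn_len > 2 && cn[0] == '*' && cn[1] == '.' &&
        memchr(cn + 2, '.', cn_len - 2) != NULL)
    {
        const char *rest = strchr(host, '.');
        if (rest != NULL && rest != host && strlen(rest) == cn_len - 1)
            return eq_nocase(cn + 1, rest, cn_len - 1);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the thread. */
    const char evil[] = "db.example.com\0.evil.test";
    printf("%d\n", cn_matches_host("db.example.com", 14, "DB.example.com"));
    printf("%d\n", cn_matches_host(evil, sizeof evil - 1, "db.example.com"));
    printf("%d\n", cn_matches_host("*.example.com", 13, "db.example.com"));
    return 0;
}
```

A check like this only means something once the certificate chain itself has been verified against the trusted CA; on an unverified certificate the CN is whatever the peer chose to put there.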