Gregory Stark wrote:
Tom Lane [EMAIL PROTECTED] writes:
Actually, I had missed that the OP was looking at 7.3 rather than 8.3.
There was a verify_peer() in 7.3 but it was #ifdef'd out. The
question remains whether there's a reason to have it. It would be good
if the discussion were

Tom Lane wrote:
Dan Kaminsky [EMAIL PROTECTED] writes:
My question has been: When you attempt to create an SSL connection to
database.backend.com, do you actually validate that:
1) The subject name of the certificate you're connecting to is
database.backend.com, and
2) At least

Tom Lane wrote:
Magnus Hagander [EMAIL PROTECTED] writes:
(I don't believe OpenSSL does this verification either, because AFAICS
OpenSSL only ever sees the IP address of the server, and not the FQDN)
In common usages libpq doesn't have the FQDN of the server either.
To impose such a

Well, right now, SSL does nothing for you, so you have to do something.
It's OK, SSL isn't doing a lot for a lot of people, but this is the
beginning of us calling people out on that.
Do feel free to explain how it does nothing for you with properly set
up certificates (see my previous

Good, then we're in agreement that far.
Cool!
(FWIW, I don't think I've ever seen a PostgreSQL server with a
certificate off a global root. I've seen plenty off a corporate root
though, which could in theory have similar issues - but at least you're
in control of your own problem in that

1) No roots (but still works for some unknown reason)
2) Explicitly configured corporate roots
3) Explicitly configured corporate roots, AND global roots
4) Global roots (but still works for some unknown reason)
Keep in mind that at least Debian distributes a ca-certificates package,
and I

The following bug has been logged online:
Bug reference: 4340
Logged by: Dan Kaminsky
Email address: [EMAIL PROTECTED]
PostgreSQL version: 7.3
Operating system: Any
Description: SECURITY: Is SSL Doing Anything?
Details:
http://www.google.com/codesearch?hl=enq

Tom Lane wrote:
Dan Kaminsky [EMAIL PROTECTED] writes:
Clearly, this is handling self-signed certs. Great. But what I really want
to know is, is verify_peer accepting a self-signed identity assertion?
Because that'd be remote EoP.
I'm just guessing what you're driving