Re: [HACKERS] Should libpq set close-on-exec flag on its socket?

2004-10-22 Thread Dominic Mitchell
On Thu, Oct 21, 2004 at 02:10:48PM -0400, Tom Lane wrote: It was suggested to me off-list that libpq should do fcntl(fd, F_SETFD, FD_CLOEXEC) on the socket connecting to the server. This would prevent any child program from accidentally or maliciously interfering with the connection. It would

[HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
I've just spent a while this afternoon attempting to get SSL support working. It appears to be lacking in a few areas, foremost documentation. I've got a patch filling in the missing pieces for the server side, but I am unsure where I should document the client side bits (~/.postgresql/root.crt

Re: [HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote: On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote: I am also unsure of the procedures for submitting patches; is it ok to just send to hackers? [EMAIL PROTECTED] Thanks, I'll send it along

Re: [HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
On Tue, Sep 21, 2004 at 10:44:22AM +0200, Kaare Rasmussen wrote: I think verification of the server certificates is not supported either. SSL only serves for encryption, not authentication or integrity checking (which is probably a stupid idea). I have this feeling that SSL in PostgreSQL

Re: [HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
Tom Lane wrote: [EMAIL PROTECTED] (Dominic Mitchell) writes: On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote: On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote: In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT