Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
| От | Alvaro Herrera |
|---|---|
| Тема | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
| Дата | |
| Msg-id | 1316785695-sup-1595@alvh.no-ip.org обсуждение исходный текст |
| Ответ на | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies
server certificate if root.crt is present
|
| Список | pgsql-hackers |
Excerpts from Magnus Hagander's message of vie sep 23 10:39:46 -0300 2011: > On Fri, Sep 23, 2011 at 14:49, Robert Haas <robertmhaas@gmail.com> wrote: > > On Fri, Sep 23, 2011 at 8:38 AM, Magnus Hagander <magnus@hagander.net> wrote: > >> On Fri, Sep 23, 2011 at 14:35, Lou Picciano <loupicciano@comcast.net> wrote: > >>> On Wed, Aug 31, 2011 at 11:59, Srinivas Aji <srinivas.aji@emc.com> wrote: > >>>> > >>>> The following bug has been logged online: > >>>> > >>>> Bug reference: 6189 > >>>> Logged by: Srinivas Aji > >>>> Email address: srinivas.aji@emc.com > >>>> PostgreSQL version: 9.0.4 > >>>> Operating system: Linux > >>>> Description: libpq: sslmode=require verifies server certificate if > >>>> root.crt is present > >>> So basically, the behaviour that is by design is: > >>> * require: if certificate exists, verify. if certificate doesn't > >>> exist, don't verify. > >>> * verify-ca: if certificate exists, verify. if certificate doesn't > >>> exist, disconnect. > > I definitely don't think we should back-patch a behavior change that > > silently weakens security. That's not good. > > > > But what about not doing it in master, either? It seems to me that we > > could avoid ever breaking backward compatibility by adding a new > > option "require-no-verify". > > Hmm. Intersting. and we could then deprecate the "require" option and > kill it off 4 releases later or so, I guess... So we would have sslmode=verify-ca / require-no-verify / verify-full / disable / allow / prefer ? This seems strange to me. Why not have a second option to let the user indicate the desired SSL verification? sslmode=disable/allow/prefer/require sslverify=none/ca-if-present/ca/full (ca-if-present being the current "require" sslmode behavior). We could then deprecate sslmode=verify and verify-full and have them be synonyms of sslmode=require and corresponding sslverify. -- Álvaro Herrera <alvherre@commandprompt.com> The PostgreSQL Company - Command Prompt, Inc. PostgreSQL Replication, Consulting, Custom Development, 24x7 support
В списке pgsql-hackers по дате отправления: