Re: Refuse SSL patch
From | Bruce Momjian |
---|---|
Subject | Re: Refuse SSL patch |
Date | |
Msg-id | 200301071701.h07H1mR21809@candle.pha.pa.us |
In response to | Re: Refuse SSL patch (Jon Jensen <jon@endpoint.com>) |
Responses | Re: Refuse SSL patch |
List | pgsql-patches |
Jon Jensen wrote:
> > But doesn't pg_hba.conf do that already, in that you say 'host' for the
> > local ip, but ssl for the remote ip's?
>
> The proposed SSLMODE is a client-side configuration option to supersede
> REQUIRESSL, which is also a client configuration option. Here's the
> problem:
>
> 1. The client always tries to connect via SSL if SSL support was compiled
> in. There is no way to change this presently.
> 2. If the server can do SSL *at all*, it negotiates an SSL connection with
> the client.

Oh, that is a key thing I didn't know. Seems we should just add a libpq PREVENTSSL option and be done with it. Seems clearer than numbers, and hits the most useful functionality. If they set REQUIRESSL and PREVENTSSL, we throw an error.

Right now, if they set 'host' in pg_hba.conf, and the client knows SSL, we use it. Your idea had the additional functionality of preferring non-SSL if the server knew SSL but had 'host' in pg_hba.conf.

> But on the other hand, we want some control on the server as well -- we
> may want to disallow SSL connections from a certain IP address, if nothing
> else just to make sure a client doesn't accidentally use SSL over the
> local network because someone forgets not to use it. Otherwise we could be
> accidentally using SSL on the local network and killing performance. So I
> added a 'hostnossl' option to pg_hba.conf, which will allow only non-SSL
> connections from certain IP addresses.

Perhaps your idea of 'hostnossl' in pg_hba.conf is a good one. That way, both client and server would have the ability to say never or only SSL. It allows more central control.

So, in negotiation, that only leaves open the question of what happens when none of those are set, and it seems we prefer SSL in such cases. Is that the correct default?

In fact, once we have 'hostnossl' why do we need PREVENTSSL in libpq?
--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
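
The server-side control discussed in this message, as an added example that is not part of the original post or of PostgreSQL's code: a simplified model of first-match pg_hba.conf evaluation showing how 'host', 'hostssl' and 'hostnossl' records treat SSL and non-SSL connections. It assumes records are skipped when their type does not fit the transport, ignores the database and user columns, and uses constructed addresses and rules.

```python
import ipaddress

# Constructed sample in pg_hba.conf layout: TYPE DATABASE USER ADDRESS METHOD
SAMPLE_HBA = """
# local network: plaintext only
hostnossl  all  all  192.168.1.0/24  scram-sha-256
# without this line an SSL client on the LAN falls through to the rule below
hostssl    all  all  192.168.1.0/24  reject
# everyone else must arrive over SSL
hostssl    all  all  0.0.0.0/0       scram-sha-256
"""

# Transports each record type accepts ('host' takes SSL and non-SSL alike).
ACCEPTS = {"host": {True, False}, "hostssl": {True}, "hostnossl": {False}}


def parse_hba(text):
    """Return [(type, network, method)] for the host* records in text."""
    records = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 5 or fields[0] not in ACCEPTS:
            raise ValueError(f"unsupported record: {raw!r}")
        rtype, _db, _user, addr, method = fields
        records.append((rtype, ipaddress.ip_network(addr), method))
    return records


def match(records, client_ip, uses_ssl):
    """First record fitting both address and transport wins; None if none fits."""
    ip = ipaddress.ip_address(client_ip)
    for rtype, network, method in records:
        if ip in network and uses_ssl in ACCEPTS[rtype]:
            return rtype, method
    return None


def allowed(records, client_ip, uses_ssl):
    """True when a record matches and its method is not 'reject'."""
    hit = match(records, client_ip, uses_ssl)
    return hit is not None and hit[1] != "reject"


RULES = parse_hba(SAMPLE_HBA)

if __name__ == "__main__":
    for ip, ssl in [("192.168.1.20", False), ("192.168.1.20", True),
                    ("203.0.113.7", True), ("203.0.113.7", False)]:
        print(ip, "ssl" if ssl else "plain", "->", match(RULES, ip, ssl))
```

Because a non-matching record type is skipped rather than treated as a refusal, the 'hostnossl' line alone does not keep SSL off the local network when a broader 'hostssl' rule follows it.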