Re: PQgetssl() and alternative SSL implementations
| От | Heikki Linnakangas |
|---|---|
| Тема | Re: PQgetssl() and alternative SSL implementations |
| Дата | |
| Msg-id | 53F37DF3.5070107@vmware.com обсуждение исходный текст |
| Ответ на | Re: PQgetssl() and alternative SSL implementations (Magnus Hagander <magnus@hagander.net>) |
| Список | pgsql-hackers |
On 08/19/2014 06:00 PM, Magnus Hagander wrote: > On Tue, Aug 19, 2014 at 4:48 PM, Stephen Frost <sfrost@snowman.net> wrote: >> * Heikki Linnakangas (hlinnakangas@vmware.com) wrote: >>> server_cert_valid: Did the server present a valid certificate? >>> "yes" or "no" >>> >>> server_cert_matches_host: Does the Common Name of the certificate >>> match the host connected to? "yes" or "no" >> >> Aren't these questions addressed by sslmode? > > Not entirely. You can have sslmode=require and have a matching > certificate. You don't *have* to have sslmode=verify-full for that. > > However, whether it makes *sense* without sslmode is another story - > but assuming you use something like kerberos for auth, it might. For > password, you've already lost once you get that far. Hmm, right, because the client application doesn't get control between libpq doing the SSL negotiation and sending the password to the server. So if after connecting you decided that you don't actually trust the server, you've already sent to password. Not good. You might think that you could try connecting without password first, and try again with the password, but that's not safe either, because there's no guarantee that the second connection reaches the same server as the first one. I think we need a callback or new asynchronous polling state after SSL negotiation but before libpq sends the password to the server. But that's a separate feature and patch. - Heikki
В списке pgsql-hackers по дате отправления: