Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
From | Magnus Hagander |
---|---|
Subject | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
Date | |
Msg-id | CABUevEx5PGYrK1p1=sqORCtASXrzFMxkb5g=dez+PTuDG4iHsg@mail.gmail.com |
In reply to | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present (Alvaro Herrera <alvherre@commandprompt.com>) |
Responses | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
List | pgsql-hackers |

On Fri, Sep 23, 2011 at 15:55, Alvaro Herrera <alvherre@commandprompt.com> wrote:
>
> Excerpts from Magnus Hagander's message of vie sep 23 10:39:46 -0300 2011:
>> On Fri, Sep 23, 2011 at 14:49, Robert Haas <robertmhaas@gmail.com> wrote:
>> > On Fri, Sep 23, 2011 at 8:38 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> >> On Fri, Sep 23, 2011 at 14:35, Lou Picciano <loupicciano@comcast.net> wrote:
>> >>> On Wed, Aug 31, 2011 at 11:59, Srinivas Aji <srinivas.aji@emc.com> wrote:
>> >>>>
>> >>>> The following bug has been logged online:
>> >>>>
>> >>>> Bug reference: 6189
>> >>>> Logged by: Srinivas Aji
>> >>>> Email address: srinivas.aji@emc.com
>> >>>> PostgreSQL version: 9.0.4
>> >>>> Operating system: Linux
>> >>>> Description: libpq: sslmode=require verifies server certificate if
>> >>>> root.crt is present
>
>> >>> So basically, the behaviour that is by design is:
>> >>> * require: if certificate exists, verify. if certificate doesn't
>> >>> exist, don't verify.
>> >>> * verify-ca: if certificate exists, verify. if certificate doesn't
>> >>> exist, disconnect.
>
>> > I definitely don't think we should back-patch a behavior change that
>> > silently weakens security. That's not good.
>> >
>> > But what about not doing it in master, either? It seems to me that we
>> > could avoid ever breaking backward compatibility by adding a new
>> > option "require-no-verify".
>>
>> Hmm. Interesting. And we could then deprecate the "require" option and
>> kill it off 4 releases later or so, I guess...
>
> So we would have
> sslmode=verify-ca / require-no-verify / verify-full / disable / allow / prefer
> ?
>
> This seems strange to me. Why not have a second option to let the user
> indicate the desired SSL verification?
>
> sslmode=disable/allow/prefer/require
> sslverify=none/ca-if-present/ca/full
>
> (ca-if-present being the current "require" sslmode behavior).
>
> We could then deprecate sslmode=verify and verify-full and have them be
> synonyms of sslmode=require and corresponding sslverify.

Hmm. I agree that the other suggestion was a bit weird, but I'm not
sure I like the multiple-options approach either. That's going to
require redesign of all software that deals with it at all today :S

Maybe we should just update the docs and be done with it :-)

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
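
The "by design" rules quoted in this thread for `require` and `verify-ca`, modelled as an added example that is not part of the original message or of libpq: it audits conninfo strings and reports which outcome each one gets depending on whether its root certificate file exists. The function names, host names and file list are constructed for illustration, and the conninfo parsing is simplified to shell-style quoting.

```python
import shlex

# libpq's default root certificate location on Unix, used when sslrootcert is unset
DEFAULT_ROOT = "~/.postgresql/root.crt"

def parse_conninfo(conninfo):
    """Split a keyword=value conninfo string (simplified: shlex quoting rules)."""
    return dict(tok.split("=", 1) for tok in shlex.split(conninfo) if "=" in tok)

def effective_verification(sslmode, root_crt_present):
    """Outcome per the rules quoted in the thread; other modes are not modelled."""
    if sslmode == "require":
        # The behaviour the bug report is about: silently depends on the file
        return "verify-ca" if root_crt_present else "no-verify"
    if sslmode == "verify-ca":
        # Explicit request: a missing root certificate ends the connection
        return "verify-ca" if root_crt_present else "connection-refused"
    return "not-covered"

def audit(conninfos, existing_files):
    """Return (host, sslmode, outcome, implicit) for each conninfo string.

    implicit is True when the outcome would change if the root certificate
    file appeared or disappeared without any change to the connection string.
    """
    findings = []
    for conninfo in conninfos:
        params = parse_conninfo(conninfo)
        mode = params.get("sslmode", "")
        root = params.get("sslrootcert", DEFAULT_ROOT)
        outcome = effective_verification(mode, root in existing_files)
        findings.append((params.get("host", "?"), mode, outcome, mode == "require"))
    return findings

# Constructed sample input: four clients and the files present on their hosts
SAMPLE = [
    "host=db1.example sslmode=require",
    "host=db2.example sslmode=require sslrootcert='/etc/pg ca/root.crt'",
    "host=db3.example sslmode=verify-ca sslrootcert='/etc/pg ca/root.crt'",
    "host=db4.example sslmode=verify-ca",
]
EXISTING = {DEFAULT_ROOT}

if __name__ == "__main__":
    for host, mode, outcome, implicit in audit(SAMPLE, EXISTING):
        note = " (depends on root.crt presence)" if implicit else ""
        print(f"{host:14} sslmode={mode:10} -> {outcome}{note}")
```

The rows flagged as implicit are the ones a client owner cannot reason about from the connection string alone, which is the ambiguity the proposed `require-no-verify` and `sslverify` options were meant to remove.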