Re: SSL Support - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: SSL Support
Date
Msg-id 200409211017.52148.peter_e@gmx.net
In response to SSL Support  (dom@happygiraffe.net (Dominic Mitchell))
Responses Re: SSL Support
Re: SSL Support
List pgsql-hackers
On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote:
> I am also unsure of the
> procedures for submitting patches; is it ok to just send to hackers?

pgsql-patches@postgresql.org

>   In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
>   in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag.  This means that a client
>   can present no certificate and still get access to the server.

Client-side certificates as an authentication mechanism are not intended to be 
supported.  It might be a nice feature to add, though.

>   There's nothing that gets logged to say that an SSL connection was
>   made.  This would be useful for testing.  Something like logging the
>   connection as "1.2.3.4/ssl"?

That seems reasonable.

>   In initialize_SSL(), we call SSL_CTX_set_verify_depth(SSL_context, 1).
>   This should probably be a configurable item.  I /think/ it might be
>   stopping me from successfully verifying the server certificate is
>   signed by the CA listed in my client's root.crt file, but I'm not
>   sure.

I think verification of the server certificates is not supported either.  SSL 
only serves for encryption, not authentication or integrity checking (which 
is probably a stupid idea).

>   In open_client_SSL() again, the call to verify that the CN of the
>   certificate is the same as the hostname you've connected to is
>   commented out.  So you have no idea whether or not you've connected to
>   the right server.

This seems to match the pattern I described above.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/
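
The gaps discussed in this message, as an added example that is not code from PostgreSQL or from either poster: a small audit over Python `ssl` contexts that reports when a client skips chain or host-name verification, or when a server accepts a peer with no certificate. All function names are hypothetical; in CPython, `CERT_OPTIONAL` sets OpenSSL's `SSL_VERIFY_PEER` alone and `CERT_REQUIRED` adds `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`.

```python
import ssl


def audit_context(ctx, role):
    """Return the verification gaps that apply to ctx; role is 'client' or 'server'."""
    findings = []
    if role == "client":
        if ctx.verify_mode == ssl.CERT_NONE:
            findings.append("server certificate chain is not verified")
        if not ctx.check_hostname:
            findings.append("certificate name is not compared with the host name")
    elif role == "server":
        if ctx.verify_mode == ssl.CERT_NONE:
            findings.append("client certificate is never requested")
        elif ctx.verify_mode == ssl.CERT_OPTIONAL:
            # SSL_VERIFY_PEER without SSL_VERIFY_FAIL_IF_NO_PEER_CERT
            findings.append("client may present no certificate and still connect")
    else:
        raise ValueError("role must be 'client' or 'server'")
    return findings


def encryption_only_client():
    """Client that encrypts but authenticates nothing (the pattern in the thread)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_client():
    """Client with the defaults: chain verified and host name checked."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def server(require_client_cert):
    """Server that requests a client certificate, optionally making it mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_OPTIONAL
    return ctx


if __name__ == "__main__":
    for name, ctx, role in [
        ("encryption-only client", encryption_only_client(), "client"),
        ("verifying client", verifying_client(), "client"),
        ("server, cert optional", server(False), "server"),
        ("server, cert required", server(True), "server"),
    ]:
        print(name, "->", audit_context(ctx, role) or "no gaps")
```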

