Magnus Hagander wrote:
> We could make it so that we *require* the root certificate to be present
> on the client and make the check, and simply refuse to connect without
> it. But my guess is that it'll just increase the bar for SSL adoption at
> all, whilst most people will find some insecure way to get the root key
> over there anyway. Unless we want to start shipping our own batch of
> trusted roots, and only support paid-for certificates or something...
Agreed. Requiring client root certificate checking is heavy-handed. At
most we could emit a server log message when a client has no
certificate.
Of course I am not sure anyone knows how to get that information from
SSL. We could do it in the clients we ship but a malicious client will
just remove the check.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +