Home > mailing lists

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

From	Stephen Frost
Subject	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date	April 10, 2009 18:28:00
Msg-id	20090410182754.GF8123@tamriel.snowman.net Whole thread Raw
In response to	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
List	pgsql-bugs

Tree view

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> I think I agree with Martin on this.  The server doesn't fail if you
> don't provide it a root cert; it just doesn't try to trace client certs
> to the root.  It is not apparent why the client should be stricter than
> that, and definitely not apparent why such strictness should be the
> default behavior.

I agree with this.  Avoiding spoofing is good, but so is on the wire
encryption even if you don't have anti-spoofing.  This is a reasonable
set-up and we shouldn't just fail on it.

    Stephen

pgsql-bugs by date:

From: Peter Eisentraut
Date: 10 April 2009, 18:22:12
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Stephen Frost
Date: 10 April 2009, 18:32:33
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

Previous

Next