Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present - Mailing list pgsql-hackers

From David Fetter
Subject Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
Date
Msg-id 20110912182020.GA14015@fetter.org
In response to Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
List pgsql-hackers
On Mon, Sep 12, 2011 at 07:37:23PM +0200, Magnus Hagander wrote:
> On Mon, Sep 12, 2011 at 19:21, David Fetter <david@fetter.org> wrote:
> > On Wed, Aug 31, 2011 at 09:59:18AM +0000, Srinivas Aji wrote:
> >>
> >> The following bug has been logged online:
> >>
> >> Bug reference:      6189
> >> Logged by:          Srinivas Aji
> >> Email address:      srinivas.aji@emc.com
> >> PostgreSQL version: 9.0.4
> >> Operating system:   Linux
> >> Description:        libpq: sslmode=require verifies server certificate if
> >> root.crt is present
> >> Details:
> >>
> >> From the documentation of sslmode values in
> >> http://www.postgresql.org/docs/9.0/static/libpq-ssl.html ,
> >> it looks like libpq will not verify the server certificate when the option
> >> sslmode=require is used, and will perform different levels of certificate
> >> verification in the cases sslmode=verify-ca and sslmode=verify-full.
> >>
> >> The observed behaviour is a bit different. If the ~/.postgresql/root.crt
> >> file (or any other filename set through sslrootcert option) is found,
> >> sslmode=require also performs the same level of certificate verification as
> >> verify-ca. The difference between require and verify-ca is that it is an
> >> error for the file to not exist when sslmode is verify-ca.
> >>
> >> Thanks,
> >> Srinivas
> >
> > It looks to me like there could at least in theory be an attack vector
> > or two that we're not covering with this bug.  Anybody want to tackle
> > same?
> 
> I haven't checked the code yet, but from the report it sounds like
> we're checking *too much* - how could that be an attack vector?

Well, "too much checking," classically, is a source of denial of
service attacks.  It's not a super likely source, but it's a source,
and it'd be better to fix it than leave it lie. :)

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
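
The behaviour described in the quoted bug report, as an added example that is not part of the thread and is not PostgreSQL code: a small audit helper that compares what the 9.0 documentation leads a reader to expect with what the report observed, depending on whether the root certificate file exists. The function names, the result labels and the simplified connection-string parser are assumptions made for illustration.

```python
import os
import shlex

# Checking a reader of the 9.0 documentation expects for each mode in the report.
DOCUMENTED = {"require": "none", "verify-ca": "chain", "verify-full": "chain+hostname"}


def parse_conninfo(conninfo):
    """Simplified key=value parser (assumption: no spaces around '=')."""
    return dict(token.split("=", 1) for token in shlex.split(conninfo))


def root_cert_path(params, home):
    """sslrootcert if set, otherwise the default ~/.postgresql/root.crt."""
    return params.get("sslrootcert") or os.path.join(home, ".postgresql", "root.crt")


def observed_check(conninfo, home):
    """Return (documented, observed) server-certificate checking for one connection."""
    params = parse_conninfo(conninfo)
    mode = params.get("sslmode", "prefer")
    if mode not in DOCUMENTED:
        raise ValueError("mode %r is not covered by the report" % mode)
    present = os.path.isfile(root_cert_path(params, home))
    if mode == "require":
        # Reported behaviour: same verification as verify-ca when the file is found.
        observed = "chain" if present else "none"
    else:
        # verify-ca / verify-full: a missing root certificate file is an error.
        observed = DOCUMENTED[mode] if present else "error"
    return DOCUMENTED[mode], observed


def audit(conninfos, home):
    """Connection strings whose observed checking differs from the documented one."""
    return [c for c in conninfos if len(set(observed_check(c, home))) > 1]


if __name__ == "__main__":
    # Constructed sample connection strings, checked against the current user's home.
    samples = ["host=db.example sslmode=require", "host=db.example sslmode=verify-ca"]
    for conninfo in samples:
        print(conninfo, "->", observed_check(conninfo, os.path.expanduser("~")))
```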

