Magnus Hagander <magnus@hagander.net> writes:
> I don't see a problem at all with providing the snakeoil cert. In
> fact, it's quite useful.
> I see a problem with enabling it by default. Because it makes people
> think they are more secure than they are.
I am far from an SSL expert, but I had the idea that the only problem
with a self-signed cert is that the client can't trace it to a trusted
cert --- so if the user took the further step of copying the cert to the
client machines' ~/.postgresql/root.crt files, wouldn't things be just
fine?
> In a browser, they will get a big fat warning every time, so they will
> know it. There is no such warning in psql. Actually, maybe we should
> *add* such a warning. We could do it in psql. We can't do it in libpq
> for everyone, but we can do it in our own tools... Particularly since
> we do print the SSL information already - we could just add a
> "warning: cert not verified" or something like that to the same piece
> of information.
No objection to that. I do have an objection to trying to force people
to use SSL, which is how I read some of the other proposals in this
thread --- but if they are already choosing to use SSL, and it's not as
secure as it could be, some sort of notice seems reasonable.
What happens in the other direction, ie if a client presents a
self-signed cert that the server can't verify?
regards, tom lane
