Re: BUG #4340: SECURITY: Is SSL Doing Anything? - Mailing list pgsql-bugs

From Dan Kaminsky
Subject Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date
Msg-id 48AAED8E.1030402@doxpara.com
Whole thread Raw
In response to Re: BUG #4340: SECURITY: Is SSL Doing Anything?  (Gregory Stark <stark@enterprisedb.com>)
List pgsql-bugs
Gregory Stark wrote:
> "Tom Lane" <tgl@sss.pgh.pa.us> writes:
>
>
>> Actually, I had missed that the OP was looking at 7.3 rather than 8.3.
>> There was a "verify_peer()" in 7.3 but it was #ifdef'd out.  The
>> question remains whether there's a reason to have it.  It would be good
>> if the discussion were based on a non-obsolete PG version ...
>>
>
> Well in theory SSL without at least one-way authentication is actually
> worthless. It's susceptible to man-in-the-middle attacks meaning someone can
> sniff all the contents or even inject into or take over connections. It is
> proof against passive attacks but active attacks are known in the field so
> that's cold comfort these days.
As the finder of recent DNS issues, I'm pretty aware of real world
active attacks.

My question has been:  When you attempt to create an SSL connection to
database.backend.com, do you actually validate that:

1) The subject name of the certificate you're connecting to is
database.backend.com, and
2) At least the basic checks (expiration, chaining back to a valid root)
occur?

I've gotten some reasonable hints that #2 happen, but I don't know if #1
happens, and these comments make me worry.

--Dan

pgsql-bugs by date:

Previous
From: Tom Lane
Date:
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Next
From: Dan Kaminsky
Date:
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?