Home > mailing lists

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

From	Magnus Hagander
Subject	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date	April 10, 2009 17:22:02
Msg-id	49DF8035.3090706@hagander.net Whole thread Raw
In response to	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Tom Lane wrote:
>>> It is not apparent why the client should be stricter than
>>> that, and definitely not apparent why such strictness should be the
>>> default behavior.
>
>> It's "secure by default".
>
> In my experience ssh itself isn't this strict.  Why should libpq be?
> I think most users will see this as a bug, not as being secure.

ssh prompts the user when this happens. We don't have a mechanism for
prompting the user.

IIRC when you run ssh in a mode where it can't prompt the user, it will
refuse to connect, thus being just as strict as we are.

//Magnus

pgsql-bugs by date:

From: Tom Lane
Date: 10 April 2009, 17:18:02
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Tom Lane
Date: 10 April 2009, 17:31:42
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

Previous

Next