Re: BUG #4340: SECURITY: Is SSL Doing Anything? - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date
Msg-id 5431.1217865012@sss.pgh.pa.us
In response to BUG #4340: SECURITY: Is SSL Doing Anything?  ("Dan Kaminsky" <dan@doxpara.com>)
Responses Re: BUG #4340: SECURITY: Is SSL Doing Anything?
List pgsql-bugs
"Dan Kaminsky" <dan@doxpara.com> writes:
> Clearly, this is handling self-signed certs.  Great.  But what I really want
> to know is, is verify_peer accepting a self-signed identity assertion?
> Because that'd be remote EoP.

I'm just guessing what you're driving at (unexplained acronyms aren't
a good way to communicate), but I think it's not a big problem.  PG
doesn't rely on SSL for authentication, only for communications
security, so whether the remote cert is self-signed doesn't seem
like much of an issue.  Anyway, you can adjust your list of trusted
CAs to determine whether you'll accept it or not.

            regards, tom lane
