Re: BUG #4340: SECURITY: Is SSL Doing Anything? - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Msg-id 5845.1217867070@sss.pgh.pa.us
In response to Re: BUG #4340: SECURITY: Is SSL Doing Anything?  (Dan Kaminsky <dan@doxpara.com>)
Responses Re: BUG #4340: SECURITY: Is SSL Doing Anything?
List pgsql-bugs
Dan Kaminsky <dan@doxpara.com> writes:
>     Let's talk about the verify_cb callback first:  Suppose there's a
> man-in-the-middle between the PG client and the PG server.  Is some
> secondary force going to apply some Trusted CA list?

I'm not sure why we have verify_cb at all -- so far as I can see,
it just specifies the same behavior as OpenSSL's default.  Are
you saying that OpenSSL's default verification behavior is broken?

>     Second, are you saying verify_peer doesn't do anything for
> authentication?  Are you sure about that?  There's really little reason
> otherwise for the call to exist.

Er, we don't *have* a verify_peer callback.

            regards, tom lane
