Re: PQgetssl() and alternative SSL implementations - Mailing list pgsql-hackers

From Greg Stark
Subject Re: PQgetssl() and alternative SSL implementations
Date
Msg-id CAM-w4HOLocRzELZ0NJ=niH-LR-bpFZ-Wqo-ABg=2ERLoGDy56Q@mail.gmail.com
In response to PQgetssl() and alternative SSL implementations  (Heikki Linnakangas <hlinnakangas@vmware.com>)
List pgsql-hackers
On Mon, Aug 18, 2014 at 12:54 PM, Heikki Linnakangas
<hlinnakangas@vmware.com> wrote:
>   server_cert_valid: Did the server present a valid certificate? "yes" or
> "no"

Is this just whether the signature verifies? Or whether the chain is
all verified? Or whether the chain leads to a root in the directory?
Does it include verifying the CN? How does the CN comparison get done?

I think you either need to decide that libpq will do all the
verification and impose a blanket policy or leave the verification up
to the application and just return each of these properties as
individual boolean flags.

-- 
greg


