Re: [HACKERS] Possible SSL improvements for a newcomer to tackle - Mailing list pgsql-hackers

From Jeff Janes
Subject Re: [HACKERS] Possible SSL improvements for a newcomer to tackle
Date
Msg-id CAMkU=1zKmHv3Ei0AH_EMnDYtHNSBPwnpuXwgsY4h0Q9PGaXZ7A@mail.gmail.com
In response to Re: [HACKERS] Possible SSL improvements for a newcomer to tackle  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [HACKERS] Possible SSL improvements for a newcomer to tackle
List pgsql-hackers
On Mon, Oct 2, 2017 at 9:33 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> It's possible that we could adopt some policy like "if the root.crt file
> exists then default to verify" ... but that seems messy and unreliable,
> so I'm not sure it would really add any security.

That is what we do.  If root.crt exists, we default to verify-ca.

And yes, it is messy and unreliable.  I don't know if it adds any security or not.

Or do you mean we could default to verify-full instead of verify-ca?

Cheers,

Jeff
