Re: SSL (patch 3) - Mailing list pgsql-patches

From Peter Eisentraut
Subject Re: SSL (patch 3)
Date
Msg-id Pine.LNX.4.44.0205272206420.2460-100000@localhost.localdomain
In response to SSL (patch 3)  (Bear Giles <bgiles@coyotesong.com>)
Responses Re: SSL (patch 3)  (Bear Giles <bgiles@coyotesong.com>)
List pgsql-patches
Bear Giles writes:

> Third patch - adds client verification of server certificate.
> This has some POSIX-isms that need to be expanded for Windows
> and Mac clients, and identifies (but does not fix) a problem
> on the backend that could be used for "denial of service"
> attacks on the current backend.

What happens if I don't want to use this feature and/or I don't have the
certificates set up?  Why are errors from getpwuid() thrown away?  Isn't
that a risk?

POSIX-isms in SSL code are OK.  I don't think WIN32 handles SSL yet.
Please use MAXPGPATH to size buffers for file names.

What exactly is the "problem" you identify?  I couldn't make it out.

--
Peter Eisentraut   peter_e@gmx.net

