Magnus Hagander wrote:
> Attached patch cleans up the certificate verification in libpq, and adds
> a configuration paraqmeter to control it. The new parameter is
> "sslverify", and can be set to:
Because SSL offers both encryption and authentication, I wonder if we
should call this "sslauthenticate".
> * cn = default = will validate that the certificate chains to a trusted
> root, *and* that the cn on the certificate matches the hostname
> specificed in the connection. This is the only option that prevents
> man-in-the-middle attacks completely, and therefor is the default.
Should this be "commonname"?
> * cert = what we had before if there was a root certificate file = will
> validate that the certificate chains to a trusted root, but ignore the cn.
Should this be "chain"?
> * none = will disable certificate validation completely
>
>
> This means that the connection string is now in charge of the security
> policy, and not just the "if file exists or not". IMHO this is the only
> proper way to do it. Now, if you for some reason loose the root
Agreed.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +