Peter Eisentraut [2009-04-10 14:56 +0300]:
> I assume the server has the snakeoil certificate installed?
It is a self-signed certificate indeed (Debian's ssl-cert package).
> In that case, it is correct that the client refuses to proceed,
> although the exact manner of breaking could perhaps be improved.
That may be true for 8.4, and I'm could stop configuring the snakeoil
certificate by default. That would make configuring a server for a
real SSL certificate harder than it needs to be, though.
However, we can't afford to break existing installations. If a user
has 8.4 installed locally, he'll use libpq from 8.4, and suddenly he
could not connect to a remote SSL 8.3 cluster any more. So the check
needs at least be turned into a warning for connecting to a pre-8.4
server.
Also, the error message needs to be much clearer. Right now it just
tells you that it couldn't find a per-user root.crt and fails. So as
an user, I wonder: What is that file? I don't have one, where should I
get it from? And why does each user need to have its own?=20
html/libpq-ssl.html describes it fairly well:
"When the sslverify parameter is set to cn or cert, libpq will
verify that the server certificate is trustworthy by checking the
certificate chain up to a CA. For this to work, place the
certificate of a trusted CA in the file ~/.postgresql/root.crt in
the user's home directory. libpq will then verify that the server's
certificate is signed by one of the trusted certificate
authorities."
Nowhere does it say that the connection will fail immediately if you
do not have a root.crt. man psql(1) does not have any word about it,
like how to set the sslverify argument.
I do see the benefit of failing to connect to an SSL-enabled server
*if* I have a root.crt which doesn't match. But why fail if I don't
have one?
Thanks for considering,
Martin
--=20
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)