Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Attached patch cleans up the certificate verification in libpq, and adds
>> a configuration paraqmeter to control it. The new parameter is
>> "sslverify", and can be set to:
>
>> * cn = default = will validate that the certificate chains to a trusted
>> root, *and* that the cn on the certificate matches the hostname
>> specificed in the connection. This is the only option that prevents
>> man-in-the-middle attacks completely, and therefor is the default.
>
> How can you make that the default? Won't it immediately break every
> installation without certificates?
*all* SSL installations have certificate on the server side. You cannot
run without it.
And obviously the setting only has effect if you are actually running
over SSL.
> The patch seems pretty far short of sufficient as far as supporting a
> new conninfo option goes --- for instance it appears to leak the string
> at disconnect. Check through all the references to some existing option
> field to see if you missed anything else.
Hmm. yeah, I hadn't finished that part - and promptly forgot about that
:S Will look it over again.
//Magnus