Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present

From: Magnus Hagander
Subject: Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
Msg-id: CABUevEzmT7rQSa33hxOcXC7c3mq_mfVaJzWyNCYpVawfUZudXw@mail.gmail.com
In response to: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present (David Fetter <david@fetter.org>)
Responses: Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
List: pgsql-hackers
On Mon, Sep 12, 2011 at 19:21, David Fetter <david@fetter.org> wrote:
> On Wed, Aug 31, 2011 at 09:59:18AM +0000, Srinivas Aji wrote:
>>
>> The following bug has been logged online:
>>
>> Bug reference:      6189
>> Logged by:          Srinivas Aji
>> Email address:      srinivas.aji@emc.com
>> PostgreSQL version: 9.0.4
>> Operating system:   Linux
>> Description:        libpq: sslmode=require verifies server certificate if
>> root.crt is present
>> Details:
>>
>> From the documentation of sslmode values in
>> http://www.postgresql.org/docs/9.0/static/libpq-ssl.html ,
>> it looks like libpq will not verify the server certificate when the option
>> sslmode=require is used, and will perform different levels of certificate
>> verification in the cases sslmode=verify-ca and sslmode=verify-full.
>>
>> The observed behaviour is a bit different. If the ~/.postgresql/root.crt
>> file (or any other filename set through sslrootcert option) is found,
>> sslmode=require also performs the same level of certificate verification as
>> verify-ca. The difference between require and verify-ca is that it is an
>> error for the file to not exist when sslmode is verify-ca.
>>
>> Thanks,
>> Srinivas
>
> It looks to me like there could at least in theory be an attack vector
> or two that we're not covering with this bug.  Anybody want to tackle
> same?

I haven't checked the code yet, but from the report it sounds like
we're checking *too much* - how could that be an attack vector?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
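As an added example (not libpq or PostgreSQL code, and not part of this thread), a small audit script that models the behaviour Srinivas describes: it parses a libpq connection string, checks whether the configured or default root certificate file exists, and reports the documented versus effective verification level so that connections relying on sslmode=require can be found in application configuration. The function names, the verification labels and the sample connection strings are the example's own; the behaviour model is taken from the report's description of 9.0.4 and no connection is opened.

```python
"""Audit a libpq connection string for the sslmode / sslrootcert interaction
described in bug #6189. Added example, not libpq or PostgreSQL code: it models
the behaviour the report describes for 9.0.4 and never opens a connection, so
it runs offline against connection strings taken from application configs.
Function names and verification labels are the example's own."""
import os
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Default root certificate location named in the report.
DEFAULT_ROOT_CERT = "~/.postgresql/root.crt"


def parse_conninfo(conninfo: str) -> dict:
    """Turn a key=value conninfo string or a postgresql:// URI into an options dict.
    Only the simple, unquoted key=value form is handled (enough for config audits)."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = urlparse(conninfo).query
        return {key: values[-1] for key, values in parse_qs(query).items()}
    opts = {}
    for token in conninfo.split():
        if "=" in token:
            key, value = token.split("=", 1)
            opts[key] = value.strip("'")
    return opts


def documented_verification(sslmode: str, rootcert_exists: bool) -> str:
    """Verification level the libpq-ssl documentation cited in the report assigns:
    require never verifies; verify-ca checks the chain; verify-full checks chain
    and hostname; the verify-* modes are an error when the root cert is missing."""
    if sslmode == "require":
        return "none"
    if sslmode == "verify-ca":
        return "chain" if rootcert_exists else "error"
    if sslmode == "verify-full":
        return "chain+hostname" if rootcert_exists else "error"
    raise ValueError(f"sslmode {sslmode!r} is not modelled by this example")


def effective_verification(sslmode: str, rootcert_exists: bool) -> str:
    """Verification libpq 9.0.4 actually performs, as observed in the report:
    'require' behaves like 'verify-ca' whenever the root cert file is present."""
    if sslmode == "require":
        return "chain" if rootcert_exists else "none"
    # The report describes no deviation for the verify-* modes.
    return documented_verification(sslmode, rootcert_exists)


def audit(conninfo: str, *, rootcert_exists: Optional[bool] = None) -> dict:
    """Report documented vs. effective verification for one connection string.
    rootcert_exists overrides the filesystem check so results are reproducible."""
    opts = parse_conninfo(conninfo)
    if "sslmode" not in opts:
        raise ValueError("connection string sets no sslmode")
    sslmode = opts["sslmode"]
    rootcert = os.path.expanduser(opts.get("sslrootcert", DEFAULT_ROOT_CERT))
    if rootcert_exists is None:
        rootcert_exists = os.path.isfile(rootcert)
    documented = documented_verification(sslmode, rootcert_exists)
    effective = effective_verification(sslmode, rootcert_exists)
    return {
        "sslmode": sslmode,
        "sslrootcert": rootcert,
        "rootcert_present": rootcert_exists,
        "documented": documented,
        "effective": effective,
        # True when behaviour depends on a file the documentation says this
        # sslmode ignores, i.e. the sslmode=require case from the report.
        "diverges": effective != documented,
    }


if __name__ == "__main__":
    # Constructed sample connection strings, not taken from any real deployment.
    samples = (
        "host=db.example sslmode=require",
        "postgresql://db.example/app?sslmode=verify-ca&sslrootcert=/etc/pg/ca.pem",
    )
    for dsn in samples:
        for present in (True, False):
            print(dsn, "| root cert present:", present, "|", audit(dsn, rootcert_exists=present))
```

Run it over the connection strings an application actually uses, leaving rootcert_exists unset so the real file check applies; any entry flagged as diverging is one whose verification level is decided by the presence of a file rather than by its sslmode, which is exactly the condition the report describes.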

