Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

Поиск
Список
Период
Сортировка
От Jeff Janes
Тема Re: [HACKERS] Possible SSL improvements for a newcomer to tackle
Дата
Msg-id CAMkU=1zKmHv3Ei0AH_EMnDYtHNSBPwnpuXwgsY4h0Q9PGaXZ7A@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [HACKERS] Possible SSL improvements for a newcomer to tackle  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: [HACKERS] Possible SSL improvements for a newcomer to tackle  (Nico Williams <nico@cryptonector.com>)
Список pgsql-hackers
Дерево обсуждения
On Mon, Oct 2, 2017 at 9:33 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

It's possible that we could adopt some policy like "if the root.crt file
exists then default to verify" ... but that seems messy and unreliable,
so I'm not sure it would really add any security.

That is what we do.  If root.crt exists, we default to verify-ca.

And yes, it is messy and unreliable.  I don't know if it adds any security or not.

Or do you mean we could default to verify-full instead of verify-ca?

Cheers,

Jeff

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Nico Williams
Дата:
Сообщение: Re: [HACKERS] [PATCH] Add ALWAYS DEFERRED option for constraints
Следующее
От: Peter Geoghegan
Дата:
Сообщение: Re: [HACKERS] [COMMITTERS] pgsql: Fix freezing of a dead HOT-updated tuple