| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dan Kaminsky <dan(at)doxpara(dot)com> |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |
| Date: | 2008-08-19 16:00:58 |
| Message-ID: | 1667.1219161658@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Dan Kaminsky <dan(at)doxpara(dot)com> writes:
> My question has been: When you attempt to create an SSL connection to
> database.backend.com, do you actually validate that:
> 1) The subject name of the certificate you're connecting to is
> database.backend.com, and
> 2) At least the basic checks (expiration, chaining back to a valid root)
> occur?
[ shrug... ] We do whatever OpenSSL's default validation behavior is.
If that's inadequate you probably ought to be taking it up with them,
instead of trying to get downstream projects to fix it one at a time.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dan Kaminsky | 2008-08-19 17:04:15 | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |
| Previous Message | Dan Kaminsky | 2008-08-19 15:58:06 | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |