more verbose SSL session info for psql

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: pgsql-patches(at)postgresql(dot)org
Subject: more verbose SSL session info for psql
Date: 2002-05-16 04:28:01
Message-ID: 200205160428.WAA26571@eris.coyotesong.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

This is a small patch - many people (including myself) believe that
all encrypted channels should always clearly communicate to the user
the identity and session parameters of the connection. This allows
the user to decide whether to abort a connection if they find something
unexpected and unacceptable.

This patch only affects psql, and merely replaces

SSL connection
(cipher: DES-CBC3-SHA, bits 168)

with the moderately more useful

encrypted connection to eris.example.com
Chaos and Despair, Unlimited.
Turmoil Division
(cipher: DES-CBC3-SHA, bits 168)

(Specifically, the "common name", "organization name" and
"organizational unit name" fields of the server's cert.)

Before anyone else points it out, anyone can put anything they want
into their own self-signed cert. So the value of this is limited
until there's either a trusted local root cert store (like what
web browsers use) or a trusted PKIX infrastructure. But it's better
than nothing if you routinely connect to multiple servers, and it
will get people used to seeing the information.

Bear

Attachment Content-Type Size
diff text/plain 1.8 KB

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Joe Conway 2002-05-16 05:16:28 Re: SRF patch (was Re: [HACKERS] troubleshooting pointers)
Previous Message Tom Lane 2002-05-14 23:15:14 Re: SRF patch (was Re: [HACKERS] troubleshooting pointers)