From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | dom(at)happygiraffe(dot)net (Dominic Mitchell) |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: SSL Support |
Date: | 2004-09-21 08:17:51 |
Message-ID: | 200409211017.52148.peter_e@gmx.net |
Lists: | pgsql-hackers |
On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote:
> I am also unsure of the
> procedures for submitting patches; is it ok to just send to hackers?

pgsql-patches(at)postgresql(dot)org

> In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
> in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. This means that a client
> can present no certificate and still get access to the server.

Client-side certificates as an authentication mechanism are not intended to be
supported. It might be a nice feature to add, though.

> There's nothing that gets logged to say that an SSL connection was
> made. This would be useful for testing. Something like logging the
> connection as "1.2.3.4/ssl"?

That seems reasonable.

> In initialize_SSL(), we call SSL_CTX_set_verify_depth(SSL_context, 1).
> This should probably be a configurable item. I /think/ it might be
> stopping me from successfully verifying the server certificate is
> signed by the CA listed in my client's root.crt file, but I'm not
> sure.

I think verification of the server certificates is not supported either. SSL
only serves for encryption, not authentication or integrity checking (which
is probably a stupid idea).

> In open_client_SSL() again, the call to verify that the CN of the
> certificate is the same as the hostname you've connected to is
> commented out. So you have no idea whether or not you've connected to
> the right server.

This seems to match the pattern I described above.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
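
The check described in the thread as commented out in open_client_SSL() comes down to comparing the name in the server certificate with the host name the client connected to. A sketch of that comparison in plain C, as an added example that is not PostgreSQL's code and not part of the original message; the function name `cert_name_matches_host`, the wildcard rule and the explicit-length interface are assumptions:

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of n bytes; DNS names ignore case. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char) a[i]) != tolower((unsigned char) b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper (added example): does the certificate name, given with
 * its explicit length as it comes out of the certificate, match the host the
 * client asked for? Returns 1 on match, 0 otherwise. */
int cert_name_matches_host(const char *name, size_t name_len, const char *host)
{
    size_t host_len;
    const char *dot;

    if (name == NULL || host == NULL || name_len == 0)
        return 0;
    /* A NUL byte inside the name would make C string functions compare only
     * the part before it, so such a name is rejected outright. */
    if (memchr(name, '\0', name_len) != NULL)
        return 0;

    host_len = strlen(host);
    if (name_len == host_len && eq_nocase(name, host, host_len))
        return 1;

    /* Wildcard: only "*" as the whole left-most label, standing for exactly
     * one label of the host. */
    if (name_len < 3 || name[0] != '*' || name[1] != '.')
        return 0;
    /* The part after "*." must contain a dot, so "*.com" never matches. */
    if (memchr(name + 2, '.', name_len - 2) == NULL)
        return 0;
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return strlen(dot) == name_len - 1 && eq_nocase(dot, name + 1, name_len - 1);
}
```

The length is passed separately because a name read from a certificate is a counted byte string, not a C string; the sample names used to exercise it are constructed.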