From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-bugs(at)postgresql(dot)org, Martin Pitt <mpitt(at)debian(dot)org> |
Subject: | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
Date: | 2009-04-10 19:44:44 |
Message-ID: | 200904101944.n3AJiiw21983@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Stephen Frost wrote:
-- Start of PGP signed section.
> * Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
> > This is not a question of new client with old server. The new version of the
> > client has a more secure default that will possibly prevent it from connecting
> > to *any* server that is not adequately configured.
>
> A properly configured server could cause a failure too unless the client
> is *also* properly configured. Sure, it's good for people to do. No, I
> don't think we should break things if people don't build out a whole PKI
> for PG and configure all their certs correctly. It's pie-in-the-sky to
> think everyone will do that, and in the end most will just say "SSL
> breaks stuff, so we'll disable it" which certainly isn't better.
>
> > But it's a default, so the user can change it.
>
> It should be the default to connect, maybe with a warning.
>
> > Consider the analogy that a new web browser comes out that verifies server
> > certificates (as of course all respectable browsers do nowadays) whereas the
> > previous version one didn't. The right fix there is certainly not to
> > downgrade this to a warning when connecting to an older web server.
>
> Uh, no, the right fix is to have a warning/prompt (as pretty much all
> web browsers today do) but then continue to connect. Also, the
> web-browser analogy completely falls apart when you consider that the
> use case is significantly different (how many times have you connected
> to a PG server that you didn't know?).
The problem is that libpq doesn't have any ability to warn/prompt like
SSH and web browsers do, so I think Magnus patterned the libpq behavior
around cases where warning/prompt failed in these environments.
I am not saying the current behavior is correct, only why it was
configured that way.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2009-04-10 19:46:06 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
Previous Message | Bruce Momjian | 2009-04-10 19:42:37 | Re: Re: [BUGS] BUG #4027: backslash escaping notdisabled inplpgsql |