| From: | "Srinivas Aji" <srinivas(dot)aji(at)emc(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
| Date: | 2011-08-31 09:59:18 |
| Message-ID: | 201108310959.p7V9xIRp030425@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
The following bug has been logged online:
Bug reference: 6189
Logged by: Srinivas Aji
Email address: srinivas(dot)aji(at)emc(dot)com
PostgreSQL version: 9.0.4
Operating system: Linux
Description: libpq: sslmode=require verifies server certificate if
root.crt is present
Details:
From the documentation of sslmode values in
http://www.postgresql.org/docs/9.0/static/libpq-ssl.html ,
it looks like libpq will not verify the server certificate when the option
sslmode=require is used, and will perform different levels of certificate
verification in the cases sslmode=verify-ca and sslmode=verify-full.
The observed behaviour is a bit different. If the ~/.postgresql/root.crt
file (or any other filename set through sslrootcert option) is found,
sslmode=require also performs the same level of certificate verification as
verify-ca. The difference between require and verify-ca is that it is an
error for the file to not exist when sslmode is verify-ca.
Thanks,
Srinivas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-08-31 21:11:50 | Re: BUG #6186: out of memory while analyze |
| Previous Message | John R Pierce | 2011-08-31 06:14:41 | Re: BUG #6186: out of memory while analyze |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2011-08-31 10:22:04 | Re: limit in subquery causes poor selectivity estimation |
| Previous Message | Albe Laurenz | 2011-08-31 09:34:31 | Re: postgesql-9.0.4 compile on AIX 6.1 using gcc 4.4.6 |