| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Shankar Bhaskaran <mailshankarb(at)gmail(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Certficates |
| Date: | 2020-08-10 20:15:03 |
| Message-ID: | 3252574.1597090503@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> On Mon, Aug 10, 2020 at 10:54 AM Shankar Bhaskaran <mailshankarb(at)gmail(dot)com>
> wrote:
>> How does psql import the server certificate?
> It works by default because both the server and client are usually
> installed from the same source and the same default certificate files are
> provided to each.
Actually I suspect the answer is "it works because the default behavior
is to just encrypt the connection, not to try to verify the server
certificate". If you want it to fail when it doesn't recognize the server
cert, you need sslmode=verify-ca or sslosslmode=verify-full in your
connection string. See sslmode here:
https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Israel Brewster | 2020-08-10 20:44:49 | Re: UUID or auto-increment |
| Previous Message | David G. Johnston | 2020-08-10 20:10:17 | Re: Certficates |