| From: | Dominic Mitchell <dom(at)happygiraffe(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL Support |
| Date: | 2004-09-21 18:11:48 |
| Message-ID: | 41506EE4.7070201@happygiraffe.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> dom(at)happygiraffe(dot)net (Dominic Mitchell) writes:
>>On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote:
>>>Am Dienstag, 21. September 2004 09:24 schrieb Dominic Mitchell:
>>>>In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
>>>>in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. This means that a client
>>>>can present no certificate and still get access to the server.
>
>
>>The code is all there to do so, pretty much. What it's missing is a few
>>toggles to make it say "I want to enforce this to happen".
>
> This is intentional. See past discussions.
Ok, I'll go and review them and stick to documentation patches. I hope
I can avoid other people being surprised in the manner I was.
Thanks,
-Dom
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2004-09-21 18:51:09 | Re: where n how 2 integrate COMPRESSION |
| Previous Message | Piyush Porwal | 2004-09-21 17:20:32 | where n how 2 integrate COMPRESSION |