| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-21 08:02:11 |
| Message-ID: | 48FD8C83.9000805@gmx.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
>>> How can you make that the default? Won't it immediately break every
>>> installation without certificates?
>> *all* SSL installations have certificate on the server side. You cannot
>> run without it.
>
> s/without certificates/with self-signed certificates/
>
> which I would guess to be a common configuration
Yeah, but those setups are already broken anyway; the users just appear
not to know it.
If you install a new web browser, would you want it to be configured by
default to warn about untrusted certificates or to "not bother" the user
about it? It's pretty much the same question here.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2008-10-21 08:04:02 | Re: SSL cleanups/hostname verification |
| Previous Message | tomas | 2008-10-21 07:49:44 | Re: [HACKERS] Debian no longer dumps cores? |