Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-10 17:21:57
Message-ID: 49DF8035.3090706@hagander.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Tom Lane wrote:
>>> It is not apparent why the client should be stricter than
>>> that, and definitely not apparent why such strictness should be the
>>> default behavior.
>
>> It's "secure by default".
>
> In my experience ssh itself isn't this strict. Why should libpq be?
> I think most users will see this as a bug, not as being secure.

ssh prompts the user when this happens. We don't have a mechanism for
prompting the user.

IIRC when you run ssh in a mode where it can't prompt the user, it will
refuse to connect, thus being just as strict as we are.

//Magnus

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2009-04-10 17:31:31 Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous Message Tom Lane 2009-04-10 17:17:56 Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt