| From: | Shankar Bhaskaran <mailshankarb(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Certficates |
| Date: | 2020-08-11 16:26:30 |
| Message-ID: | CA+DMY5S_xifWqfDq9ZMWp5xn8AZJ7dUfKrSsmOr9sXzdM4YpCg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi All ,
Thank you for all the replies , I think even if psql does not verify the
certificate , it still has to import it. I guess like David mentioned it
might have default certificates in the client and server.
Regards,
Shankar
On Tue, Aug 11, 2020 at 1:45 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > On Mon, Aug 10, 2020 at 10:54 AM Shankar Bhaskaran <
> mailshankarb(at)gmail(dot)com>
> > wrote:
> >> How does psql import the server certificate?
>
> > It works by default because both the server and client are usually
> > installed from the same source and the same default certificate files are
> > provided to each.
>
> Actually I suspect the answer is "it works because the default behavior
> is to just encrypt the connection, not to try to verify the server
> certificate". If you want it to fail when it doesn't recognize the server
> cert, you need sslmode=verify-ca or sslosslmode=verify-full in your
> connection string. See sslmode here:
>
>
> https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Phillips | 2020-08-11 16:37:53 | Re: serial + db key, or guid? |
| Previous Message | Samarendra Sahoo | 2020-08-11 16:19:15 | Sizing PostgreSQL VM server sizing |