| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | thomas(at)habets(dot)se |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us> |
| Subject: | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Date: | 2022-10-25 20:17:05 |
| Message-ID: | CAAWbhmhaweeo3-_-DBYM5Knx=kMbc=PoGpCrgBFdjrS0V8X7HQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Oct 25, 2022 at 4:01 AM <thomas(at)habets(dot)se> wrote:
> Yeah I agree that not forcing verify-full when using system CAs is a
> giant foot-gun, and many will stop configuring just until it works.
>
> Is there any argument for not checking hostname when using a CA pool
> for which literally anyone can create a cert that passes?
I don't think so. For verify-ca to make any sense, the system CA pool
would need to be very strictly curated, and IMO we already have that
use case covered today.
If there are no valuable use cases for weaker checks, then we could go
even further than my 0002 and just reject any weaker sslmodes
outright. That'd be nice.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2022-10-25 20:20:59 | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Previous Message | Justin Pryzby | 2022-10-25 20:04:01 | Re: GUC values - recommended way to declare the C variables? |