On Mon, Sep 12, 2011 at 19:21, David Fetter <da...@fetter.org> wrote: > On Wed, Aug 31, 2011 at 09:59:18AM +0000, Srinivas Aji wrote: >> >> The following bug has been logged online: >> >> Bug reference: 6189 >> Logged by: Srinivas Aji >> Email address: srinivas....@emc.com >> PostgreSQL version: 9.0.4 >> Operating system: Linux >> Description: libpq: sslmode=require verifies server certificate if >> root.crt is present >> Details: >> >> >From the documentation of sslmode values in >> http://www.postgresql.org/docs/9.0/static/libpq-ssl.html , >> it looks like libpq will not verify the server certificate when the option >> sslmode=require is used, and will perform different levels of certificate >> verification in the cases sslmode=verify-ca and sslmode=verify-full. >> >> The observed behaviour is a bit different. If the ~/.postgresql/root.crt >> file (or any other filename set through sslrootcert option) is found, >> sslmode=require also performs the same level of certificate verification as >> verify-ca. The difference between require and verify-ca is that it is an >> error for the file to not exist when sslmode is verify-ca. >> >> Thanks, >> Srinivas > > It looks to me like there could at least in theory be an attack vector > or two that we're not covering with this bug. Anybody want to tackle > same?
I haven't checked the code yet, but from the report it sounds like we're checking *too much* - how could that be an attack vector? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
