On Fri, Sep 23, 2011 at 15:55, Alvaro Herrera <alvhe...@commandprompt.com> wrote: > > Excerpts from Magnus Hagander's message of vie sep 23 10:39:46 -0300 2011: >> On Fri, Sep 23, 2011 at 14:49, Robert Haas <robertmh...@gmail.com> wrote: >> > On Fri, Sep 23, 2011 at 8:38 AM, Magnus Hagander <mag...@hagander.net> >> > wrote: >> >> On Fri, Sep 23, 2011 at 14:35, Lou Picciano <loupicci...@comcast.net> >> >> wrote: >> >>> On Wed, Aug 31, 2011 at 11:59, Srinivas Aji <srinivas....@emc.com> wrote: >> >>>> >> >>>> The following bug has been logged online: >> >>>> >> >>>> Bug reference: 6189 >> >>>> Logged by: Srinivas Aji >> >>>> Email address: srinivas....@emc.com >> >>>> PostgreSQL version: 9.0.4 >> >>>> Operating system: Linux >> >>>> Description: libpq: sslmode=require verifies server certificate >> >>>> if >> >>>> root.crt is present > >> >>> So basically, the behaviour that is by design is: >> >>> * require: if certificate exists, verify. if certificate doesn't >> >>> exist, don't verify. >> >>> * verify-ca: if certificate exists, verify. if certificate doesn't >> >>> exist, disconnect. > >> > I definitely don't think we should back-patch a behavior change that >> > silently weakens security. That's not good. >> > >> > But what about not doing it in master, either? It seems to me that we >> > could avoid ever breaking backward compatibility by adding a new >> > option "require-no-verify". >> >> Hmm. Intersting. and we could then deprecate the "require" option and >> kill it off 4 releases later or so, I guess... > > So we would have > sslmode=verify-ca / require-no-verify / verify-full / disable / allow / prefer > ? > > This seems strange to me. Why not have a second option to let the user > indicate the desired SSL verification? > > sslmode=disable/allow/prefer/require > sslverify=none/ca-if-present/ca/full > > (ca-if-present being the current "require" sslmode behavior). > > We could then deprecate sslmode=verify and verify-full and have them be > synonyms of sslmode=require and corresponding sslverify.
Hmm. I agree that the other suggestion was a bit weird, but I'm not sure I like the multiple-options approach either. That's going to require redesign of all software that deals with it at all today :S Maybe we should just update the docs and be done with it :-) -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
