The following bug has been logged online:

Bug reference:      4340
Logged by:          Dan Kaminsky
Email address:      [EMAIL PROTECTED]
PostgreSQL version: 7.3
Operating system:   Any
Description:        SECURITY: Is SSL Doing Anything?
Details:

http://www.google.com/codesearch?hl=en&q=verify_cb+package:http://ring.atr.jp/archives/misc/db/postgresql-jp/7.3beta/postgresql-7.3b1.tar.gz+show:T2MIh9GrfhE:LRGuIfOPoEk:-Eemn4ZpAKY&sa=N&cd=1&ct=rc&cs_p=http://ring.atr.jp/archives/misc/db/postgresql-jp/7.3beta/postgresql-7.3b1.tar.gz&cs_f=postgresql-7.3b1/src/interfaces/libpq/fe-secure.c#l355

/*
 *	Certificate verification callback
 *
 *	This callback allows us to log intermediate problems during
 *	verification, but there doesn't seem to be a clean way to get
 *	our PGconn * structure.  So we can't log anything!
 *
 *	This callback also allows us to override the default acceptance
 *	criteria (e.g., accepting self-signed or expired certs), but
 *	for now we accept the default checks.
 */
static int
verify_cb(int ok, X509_STORE_CTX *ctx)
{
	return ok;
}

---

Clearly, this is handling self-signed certs.  Great.  But what I really want
to know is, is verify_peer accepting a self-signed identity assertion?
Because that'd be remote EoP.

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs