Tom Lane wrote:
> Dan Kaminsky <[EMAIL PROTECTED]> writes:
> > Let's talk about the verify_cb callback first: Suppose there's a
> > man-in-the-middle between the PG client and the PG server. Is some
> > secondary force going to apply some Trusted CA list?
>
> I'm not sure why we have verify_cb at all -- so far as I can see,
> it just specifies the same behavior as OpenSSL's default. Are
> you saying that OpenSSL's default verification behavior is broken?

verify_cb() is just a throwaway true parameter for the function, I
assume.

> > Second, are you saying verify_peer doesn't do anything for
> > authentication? Are you sure about that? There's really little reason
> > otherwise for the call to exist.
>
> Er, we don't *have* a verify_peer callback.

Uh, the user reported running Postgres 7.3 and we have improved SSL
quite a bit since then so perhaps an upgrade and reading the current
docs would help the user.

--
  Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us
  EnterpriseDB http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +