Peter Eisentraut [2009-04-10 14:56 +0300]: > I assume the server has the snakeoil certificate installed?
It is a self-signed certificate indeed (Debian's ssl-cert package). > In that case, it is correct that the client refuses to proceed, > although the exact manner of breaking could perhaps be improved. That may be true for 8.4, and I'm could stop configuring the snakeoil certificate by default. That would make configuring a server for a real SSL certificate harder than it needs to be, though. However, we can't afford to break existing installations. If a user has 8.4 installed locally, he'll use libpq from 8.4, and suddenly he could not connect to a remote SSL 8.3 cluster any more. So the check needs at least be turned into a warning for connecting to a pre-8.4 server. Also, the error message needs to be much clearer. Right now it just tells you that it couldn't find a per-user root.crt and fails. So as an user, I wonder: What is that file? I don't have one, where should I get it from? And why does each user need to have its own? html/libpq-ssl.html describes it fairly well: "When the sslverify parameter is set to cn or cert, libpq will verify that the server certificate is trustworthy by checking the certificate chain up to a CA. For this to work, place the certificate of a trusted CA in the file ~/.postgresql/root.crt in the user's home directory. libpq will then verify that the server's certificate is signed by one of the trusted certificate authorities." Nowhere does it say that the connection will fail immediately if you do not have a root.crt. man psql(1) does not have any word about it, like how to set the sslverify argument. I do see the benefit of failing to connect to an SSL-enabled server *if* I have a root.crt which doesn't match. But why fail if I don't have one? Thanks for considering, Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
signature.asc
Description: Digital signature
