Re: [HACKERS] Should libpq set close-on-exec flag on its socket?

2004-10-22 Thread Dominic Mitchell
On Thu, Oct 21, 2004 at 02:10:48PM -0400, Tom Lane wrote: > It was suggested to me off-list that libpq should do > "fcntl(fd, F_SETFD, FD_CLOEXEC)" on the socket connecting to the server. > This would prevent any child program from accidentally or maliciously > interfering with the connection. It

Re: [HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
Tom Lane wrote: [EMAIL PROTECTED] (Dominic Mitchell) writes: On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote: Am Dienstag, 21. September 2004 09:24 schrieb Dominic Mitchell: In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass in the SSL_VERIFY_FAIL_IF_NO_PEER

Re: [HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
On Tue, Sep 21, 2004 at 10:44:22AM +0200, Kaare Rasmussen wrote: > > I think verification of the server certificates is not supported either. > > SSL only serves for encryption, not authentication or integrity checking > > (which is probably a stupid idea). > > I have this feeling that SSL in Pos

Re: [HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote: > Am Dienstag, 21. September 2004 09:24 schrieb Dominic Mitchell: > > I am also unsure of the > > procedures for submitting patches; is it ok to just send to hackers? > > [EMAIL PROTECTED] Thanks, I

[HACKERS] SSL Support

2004-09-21 Thread Dominic Mitchell
I've just spent a while this afternoon attempting to get SSL support working. It appears to be lacking in a few areas, foremost documentation. I've got a patch filling in the missing pieces for the server side, but I am unsure where I should document the client side bits (~/.postgresql/root.crt a