Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs
From | Bruce Momjian |
---|---|
Subject | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
Date | |
Msg-id | 200904111233.n3BCXAK17244@momjian.us |
In response to | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Martin Pitt <mpitt@debian.org>) |
Responses | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
List | pgsql-bugs |
Martin Pitt wrote:
-- Start of PGP signed section.
> Peter Eisentraut [2009-04-10 14:56 +0300]:
> > I assume the server has the snakeoil certificate installed?
>
> It is a self-signed certificate indeed (Debian's ssl-cert package).
>
> > In that case, it is correct that the client refuses to proceed,
> > although the exact manner of breaking could perhaps be improved.
>
> That may be true for 8.4, and I could stop configuring the snakeoil
> certificate by default. That would make configuring a server for a
> real SSL certificate harder than it needs to be, though.
>
> However, we can't afford to break existing installations. If a user
> has 8.4 installed locally, he'll use libpq from 8.4, and suddenly he
> could not connect to a remote SSL 8.3 cluster any more. So the check
> needs at least be turned into a warning for connecting to a pre-8.4
> server.
>
> Also, the error message needs to be much clearer. Right now it just
> tells you that it couldn't find a per-user root.crt and fails. So as
> a user, I wonder: What is that file? I don't have one, where should I
> get it from? And why does each user need to have its own?
>
> html/libpq-ssl.html describes it fairly well:
>
> "When the sslverify parameter is set to cn or cert, libpq will
> verify that the server certificate is trustworthy by checking the
> certificate chain up to a CA. For this to work, place the
> certificate of a trusted CA in the file ~/.postgresql/root.crt in
> the user's home directory. libpq will then verify that the server's
> certificate is signed by one of the trusted certificate
> authorities."
>
> Nowhere does it say that the connection will fail immediately if you
> do not have a root.crt. man psql(1) does not have any word about it,
> like how to set the sslverify argument.

I noticed you didn't quote the next sentence:

    The SSL connection will fail if the server does not present a
    trusted certificate.

Which clearly explains _a_ failure, but doesn't link it well to the
behavior.

I agree the wording needs improvement so I have updated the doc paragraph
to mention "requires" at the beginning:

    When the sslverify parameter is set to cn or cert, libpq requires a
    trustworthy server certificate by checking the certificate chain up
    to a CA. To allow verification, place the certificate of a trusted
    CA in the file ~/.postgresql/root.crt in the user's home directory.
    (On Microsoft Windows the file is named
    %APPDATA%\postgresql\root.crt.) libpq will then verify that the
    server's certificate is signed by one of the trusted certificate
    authorities. The SSL connection will fail if the server does not
    present a trusted certificate.

I will now look at improving the libpq error message.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
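
The behaviour discussed in this message, sketched as a client-side preflight check. This is an added example, not code from libpq or from anyone in the thread; the function names, the handling of values other than `cn` and `cert`, and the PEM-marker sanity check are assumptions made for illustration.

```python
from pathlib import Path

# sslverify values that the quoted documentation says require a trusted CA.
VERIFYING_MODES = {"cn", "cert"}
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def root_crt_path(home, appdata=None):
    """Location of the trusted-CA file as given in the doc paragraph.

    Pass `appdata` (the value of %APPDATA%) to get the Windows location.
    """
    if appdata is not None:
        return Path(appdata) / "postgresql" / "root.crt"
    return Path(home) / ".postgresql" / "root.crt"


def preflight(sslverify, home, appdata=None):
    """Return (ok, message): can certificate verification even start?"""
    if sslverify not in VERIFYING_MODES:
        # Assumption: any other value means no verification is requested.
        return True, f"sslverify={sslverify}: server certificate is not verified"
    path = root_crt_path(home, appdata)
    if not path.is_file():
        # Answers the questions raised in the thread: which file, why, and
        # where its contents come from.
        return False, (
            f"sslverify={sslverify} requires a trusted CA certificate, but "
            f"{path} does not exist. Copy the certificate of the CA that "
            "signed the server certificate (for a self-signed server, the "
            "server certificate itself) to that path."
        )
    if PEM_MARKER not in path.read_bytes():
        return False, f"{path} exists but contains no PEM certificate"
    return True, f"{path} found; the server certificate can be checked against it"


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:  # constructed, empty home dir
        for mode in ("none", "cn"):
            print(preflight(mode, home)[1])
```

A passing preflight only means the file is present and looks like PEM; whether the server's certificate actually chains to it is still decided during the SSL handshake.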