rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-09-14 06:29:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
fbfe6910ec
postgresql/src/backend/libpq
History
Michael Paquier a2c84990be Add system view pg_ident_file_mappings 
This view is similar to pg_hba_file_rules view, except that it is
associated with the parsing of pg_ident.conf.  Similarly to its cousin,
this view is useful to check via SQL if changes planned in pg_ident.conf
would work upon reload or restart, or to diagnose a previous failure.

Bumps catalog version.

Author: Julien Rouhaud
Reviewed-by: Aleksander Alekseev, Michael Paquier
Discussion: https://postgr.es/m/20220223045959.35ipdsvbxcstrhya@jrouhaud
2022-03-29 10:15:48 +09:00
..
auth-sasl.c
auth-scram.c Improve error handling of HMAC computations 2022-01-13 16:17:21 +09:00
auth.c Clean up messy API for src/port/thread.c. 2022-01-11 13:46:20 -05:00
be-fsstubs.c
be-gssapi-common.c
be-secure-common.c Allow root-owned SSL private keys in libpq, not only the backend. 2022-02-28 14:12:52 -05:00
be-secure-gssapi.c
be-secure-openssl.c
be-secure.c
crypt.c
hba.c Add system view pg_ident_file_mappings 2022-03-29 10:15:48 +09:00
ifaddr.c
Makefile
pg_hba.conf.sample
pg_ident.conf.sample
pqcomm.c Revert "graceful shutdown" changes for Windows. 2022-03-22 10:19:15 -04:00
pqformat.c
pqmq.c
pqsignal.c
README.SSL

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).