Postgres still connecting via SSL - despite invalid certificates

Should a new user just default to LinearModelFit (vs Fit)

Is it possible to rotate the Isolines on a Surface Using `MeshFunction`?

Does the US government have any planning in place to ensure there's no shortages of food, fuel, steel and other commodities?

How can I give a Ranger advantage on a check due to Favored Enemy without spoiling the story for the player?

Do we still track damage on indestructible creatures?

Why didn't Tom Riddle take the presence of Fawkes and the Sorting Hat as more of a threat?

Possible issue with my W4 and tax return

Equivalent of "illegal" for violating civil law

Is the percentage symbol a constant?

Plausible reason for gold-digging ant

Sensor logger for Raspberry Pi in a stratospheric probe

Why does alert(0.-5) print -5?

What does からか mean?

Prevent Nautilus / Nemo from creating .Trash-1000 folder in mounted devices

Why is it that Bernie Sanders is always called a "socialist"?

What is a good way to explain how a character can produce flames from their body?

Buying a "Used" Router

What does an unprocessed RAW file look like?

How to politely refuse in-office gym instructor for steroids and protein

Writing dialogues for characters whose first language is not English

The No-Straight Maze

How can I handle players killing my NPC outside of combat?

How can I deduce the power of a capacitor from its datasheet?

Rigorous justification for non-relativistic QM perturbation theory assumptions?



Postgres still connecting via SSL - despite invalid certificates














0















I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



I have enforced SSL connections in the pg_hba.conf



## pg_hba.conf - SSL TESTING

hostssl         mike            mike            192.168.56.106/32       md5


SSL Certificate is expired:



$ openssl x509 -in server.crt -noout -dates

notBefore=Feb 22 18:29:39 2019 GMT

notAfter=Feb 23 18:29:39 2019 GMT


Still able to connect via SSL:



postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"

Password: 

psql (10.7)

SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)

Type "help" for help.

mike=>


Why can I still connect?



I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






postgresql ssl






share







New contributor




Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    0















    I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



    I have enforced SSL connections in the pg_hba.conf



    ## pg_hba.conf - SSL TESTING
    
hostssl         mike            mike            192.168.56.106/32       md5


    SSL Certificate is expired:



    $ openssl x509 -in server.crt -noout -dates
    
notBefore=Feb 22 18:29:39 2019 GMT
    
notAfter=Feb 23 18:29:39 2019 GMT


    Still able to connect via SSL:



    postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"
    
Password: 
    
psql (10.7)
    
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
    
Type "help" for help.
    
mike=>


    Why can I still connect?



    I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






    postgresql ssl






    share







    New contributor




    Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0








      I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



      I have enforced SSL connections in the pg_hba.conf



      ## pg_hba.conf - SSL TESTING
      
hostssl         mike            mike            192.168.56.106/32       md5


      SSL Certificate is expired:



      $ openssl x509 -in server.crt -noout -dates
      
notBefore=Feb 22 18:29:39 2019 GMT
      
notAfter=Feb 23 18:29:39 2019 GMT


      Still able to connect via SSL:



      postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"
      
Password: 
      
psql (10.7)
      
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
      
Type "help" for help.
      
mike=>


      Why can I still connect?



      I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






      postgresql ssl






      share







      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



      I have enforced SSL connections in the pg_hba.conf



      ## pg_hba.conf - SSL TESTING
      
hostssl         mike            mike            192.168.56.106/32       md5


      SSL Certificate is expired:



      $ openssl x509 -in server.crt -noout -dates
      
notBefore=Feb 22 18:29:39 2019 GMT
      
notAfter=Feb 23 18:29:39 2019 GMT


      Still able to connect via SSL:



      postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"
      
Password: 
      
psql (10.7)
      
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
      
Type "help" for help.
      
mike=>


      Why can I still connect?



      I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






      postgresql ssl




      postgresql ssl





      share







      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.










      share







      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      share



      share






      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 2 mins ago









      Mike GaleMike Gale

      1




      1




      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "182"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230643%2fpostgres-still-connecting-via-ssl-despite-invalid-certificates%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.













          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.












          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Database Administrators Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230643%2fpostgres-still-connecting-via-ssl-despite-invalid-certificates%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Discografia di Klaus Schulze Indice Album in studio | Album dal vivo | Singoli | Antologie | Colonne...

          Image
          Discografie di artisti tedeschi Voce principale: Klaus Schulze . Discografia di Klaus Schulze Klaus Schulze e Lisa Gerrard durante un concerto Album in studio 56 ↙ Album dal vivo 15 ↙ Raccolte 37 ↙ Singoli 4 ↙ Album video 1 ↙ Colonne sonore 4 ↙ Indice 1 Album in studio 1.1 Solisti 1.1.1 Come Richard Wahnfried 1.2 Collaborazioni 1.2.1 Con Rainer Bloss 1.2.2 Con Rainer Bloss ed Ernst Fuchs 1.2.3 Con Lisa Gerrard 1.2.4 Con Andreas Grosser 1.2.5 Con Pete Namlook 1.2.6 Con Pete Namlook e Bill Laswell 1.2.7 Con Michael Shrieve 1.2.8 Con Solar Moon 1.2.9 Con artisti vari 2 Album dal vivo 3 Singoli 4 Antologie 5 Colonne sonore 6 Videografia 7 Collegamenti musica Album in studio | Solisti | 1972 – Irrlicht 1973 – Cyborg 1974 – Blackdance 1975 – Timewind 1975 – Picture Music 1976 – Moondawn 1977 – Mirage 1978 – "X" 1979 – Dune...
          Read more

          Armoriale delle famiglie italiane (Car) Indice Armi | Bibliografia | Menu di navigazioneBlasone...

          Image
          Armoriali delle famiglie italiane Blasone Cesenate Famiglie nobili di SiciliaFamiglie nobili di SiciliaTropea MagazineTropea MagazineNobili napoletani Nobili napoletani[1]Nobili napoletaniNobili napoletaniTropea Magazine Nobili napoletaniNobili napoletani Famiglie nobili di SiciliaBlasonario CremoneseFamiglie nobili di Sicilia Archivio Storico CapitolinoRaccolta stemmi TrippiniFamiglie nobili di SiciliaNobili napoletaniArmas de los cavalleros de Veneçia Tropea Magazine Famiglie nobili di Sicilia Nobili napoletaniFamiglie nobili di SiciliaRaccolta stemmi Topoguz Famiglie nobili di SiciliaBlasone CesenateRaccolta stemmi TrippiniArchivio Storico Capitolino Famiglie nobili di SiciliaFamiglie nobili di SiciliaFamiglie nobili di SiciliaFamiglie nobili di SiciliaFamiglie nobili di Sicilia Famiglie nobili di SiciliaFamiglie nobili di SiciliaBlasone Cesenate Raccolta stemmi TrippiniFamiglie nobili di SiciliaFamiglie nobili di SiciliaFamiglie nobili di Sicilia Blasonario CremoneseBlasonario Cr...
          Read more

          Lupi Siderali Indice Storia | Organizzazione | La Tredicesima Compagnia | Aspetto | Membri Importanti...

          Capitoli degli Space Marine Space MarineImperium della Terrawargame tridimensionaleWarhammer 40.000PrimarcalupiuroImperatoreRune di DissimulazioneAngeli OscuriEresia di HorusStirpe dei MilleOcchio del TerroreCaosTzeentchHorusCodex AstartesSeconda FondazioneFratelli del LupoOcchio del TerroreAlbero della VitareliquieGuardia ImperialeLogan Grimnartruppe d'assaltoImperium dell'UomoveteraniStirpe dei MilleCaosOcchio del TerroreAngeli SanguinariEresia di Horus Lupi Siderali Nome originale Space Wolves Primarca Leman Russ Grido di battaglia Per Russ e per il Padre di Tutti (un feroce ululato) Colori Grigio Altri capitoli I Lupi Siderali sono una delle venti Legioni della Prima Fondazione degli Space Marine che servono l'Imperium della Terra nel wargame tridimensionale Warhammer 40.000. Sono formidabili nel corpo a corpo, i Confratelli desiderano solo la gloria sul campo di battaglia. Indice 1 Storia 1.1 Leman Russ 1.2 La ...
          Read more