Postgres still connecting via SSL - despite invalid certificates

Should a new user just default to LinearModelFit (vs Fit)

Is it possible to rotate the Isolines on a Surface Using `MeshFunction`?

Does the US government have any planning in place to ensure there's no shortages of food, fuel, steel and other commodities?

How can I give a Ranger advantage on a check due to Favored Enemy without spoiling the story for the player?

Do we still track damage on indestructible creatures?

Why didn't Tom Riddle take the presence of Fawkes and the Sorting Hat as more of a threat?

Possible issue with my W4 and tax return

Equivalent of "illegal" for violating civil law

Is the percentage symbol a constant?

Plausible reason for gold-digging ant

Sensor logger for Raspberry Pi in a stratospheric probe

Why does alert(0.-5) print -5?

What does からか mean?

Prevent Nautilus / Nemo from creating .Trash-1000 folder in mounted devices

Why is it that Bernie Sanders is always called a "socialist"?

What is a good way to explain how a character can produce flames from their body?

Buying a "Used" Router

What does an unprocessed RAW file look like?

How to politely refuse in-office gym instructor for steroids and protein

Writing dialogues for characters whose first language is not English

The No-Straight Maze

How can I handle players killing my NPC outside of combat?

How can I deduce the power of a capacitor from its datasheet?

Rigorous justification for non-relativistic QM perturbation theory assumptions?



Postgres still connecting via SSL - despite invalid certificates














0















I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



I have enforced SSL connections in the pg_hba.conf



## pg_hba.conf - SSL TESTING

hostssl         mike            mike            192.168.56.106/32       md5


SSL Certificate is expired:



$ openssl x509 -in server.crt -noout -dates

notBefore=Feb 22 18:29:39 2019 GMT

notAfter=Feb 23 18:29:39 2019 GMT


Still able to connect via SSL:



postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"

Password: 

psql (10.7)

SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)

Type "help" for help.

mike=>


Why can I still connect?



I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






postgresql ssl






share







New contributor




Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    0















    I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



    I have enforced SSL connections in the pg_hba.conf



    ## pg_hba.conf - SSL TESTING
    
hostssl         mike            mike            192.168.56.106/32       md5


    SSL Certificate is expired:



    $ openssl x509 -in server.crt -noout -dates
    
notBefore=Feb 22 18:29:39 2019 GMT
    
notAfter=Feb 23 18:29:39 2019 GMT


    Still able to connect via SSL:



    postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"
    
Password: 
    
psql (10.7)
    
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
    
Type "help" for help.
    
mike=>


    Why can I still connect?



    I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






    postgresql ssl






    share







    New contributor




    Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0








      I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



      I have enforced SSL connections in the pg_hba.conf



      ## pg_hba.conf - SSL TESTING
      
hostssl         mike            mike            192.168.56.106/32       md5


      SSL Certificate is expired:



      $ openssl x509 -in server.crt -noout -dates
      
notBefore=Feb 22 18:29:39 2019 GMT
      
notAfter=Feb 23 18:29:39 2019 GMT


      Still able to connect via SSL:



      postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"
      
Password: 
      
psql (10.7)
      
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
      
Type "help" for help.
      
mike=>


      Why can I still connect?



      I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






      postgresql ssl






      share







      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      I'm playing around with SSL connections to a test postgres server and I'm finding I can still initiate an SSL connection despite invalid certificates. (The valid date has expired)



      I have enforced SSL connections in the pg_hba.conf



      ## pg_hba.conf - SSL TESTING
      
hostssl         mike            mike            192.168.56.106/32       md5


      SSL Certificate is expired:



      $ openssl x509 -in server.crt -noout -dates
      
notBefore=Feb 22 18:29:39 2019 GMT
      
notAfter=Feb 23 18:29:39 2019 GMT


      Still able to connect via SSL:



      postgres:/db/postgresql/10/data>psql "sslmode=require host=192.168.56.105 dbname=mike user=mike"
      
Password: 
      
psql (10.7)
      
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
      
Type "help" for help.
      
mike=>


      Why can I still connect?



      I'm hoping for a situation where the connection is rejected because the certificate is invalid - am I missing something? Any help appreciated :)






      postgresql ssl




      postgresql ssl





      share







      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.










      share







      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      share



      share






      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 2 mins ago









      Mike GaleMike Gale

      1




      1




      New contributor




      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Mike Gale is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "182"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230643%2fpostgres-still-connecting-via-ssl-despite-invalid-certificates%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.













          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.












          Mike Gale is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Database Administrators Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230643%2fpostgres-still-connecting-via-ssl-despite-invalid-certificates%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Szabolcs (Ungheria) Altri progetti | Menu di navigazione48°10′14.56″N 21°29′33.14″E /...

          Image
          Comuni della provincia di Szabolcs-Szatmár-Bereg Ungheria2001provincia di Szabolcs-Szatmár-Bereg Szabolcs comune Localizzazione Stato   Ungheria Regione Grande Pianura Settentrionale Provincia Szabolcs-Szatmár-Bereg Territorio Coordinate 48°10′14.56″N 21°29′33.14″E  /  48.17071°N 21.49254°E 48.17071; 21.49254  ( Szabolcs ) Coordinate: 48°10′14.56″N 21°29′33.14″E  /  48.17071°N 21.49254°E 48.17071; 21.49254  ( Szabolcs ) Superficie 5,88 km² Abitanti 425 (2001) Densità 72,28 ab./km² Altre informazioni Cod. postale 4467 Prefisso 42 Fuso orario UTC+1 Codice KSH 19169 Cartografia Szabolcs Sito istituzionale Modifica dati su Wikidata  · Manuale Szabolcs è un comune dell'Ungheria di 425 abitanti (dati 2001). È situato nella provincia di Szabolcs-Szatmár-Bereg. Altri progetti | Altri progetti Wikimedia Commons Wikimedia Commons contiene immagini o altri file su Szabolcs .mw-parser-output
          Read more

          Discografia di Klaus Schulze Indice Album in studio | Album dal vivo | Singoli | Antologie | Colonne...

          Image
          Discografie di artisti tedeschi Voce principale: Klaus Schulze . Discografia di Klaus Schulze Klaus Schulze e Lisa Gerrard durante un concerto Album in studio 56 ↙ Album dal vivo 15 ↙ Raccolte 37 ↙ Singoli 4 ↙ Album video 1 ↙ Colonne sonore 4 ↙ Indice 1 Album in studio 1.1 Solisti 1.1.1 Come Richard Wahnfried 1.2 Collaborazioni 1.2.1 Con Rainer Bloss 1.2.2 Con Rainer Bloss ed Ernst Fuchs 1.2.3 Con Lisa Gerrard 1.2.4 Con Andreas Grosser 1.2.5 Con Pete Namlook 1.2.6 Con Pete Namlook e Bill Laswell 1.2.7 Con Michael Shrieve 1.2.8 Con Solar Moon 1.2.9 Con artisti vari 2 Album dal vivo 3 Singoli 4 Antologie 5 Colonne sonore 6 Videografia 7 Collegamenti musica Album in studio | Solisti | 1972 – Irrlicht 1973 – Cyborg 1974 – Blackdance 1975 – Timewind 1975 – Picture Music 1976 – Moondawn 1977 – Mirage 1978 – "X" 1979 – Dune
          Read more

          How to make inet_server_addr() return localhost in spite of ::1/128RETURN NEXT in Postgres FunctionConnect to...

          Image
          Potential client has a problematic employee I can't work with Can the "Friends" spell be used without making the target hostile? Does it take energy to move something in a circle? Why are carbons of Inositol chiral centers? Count repetitions of an array Which RAF squadrons and aircraft types took part in the bombing of Berlin on the 25th of August 1940? Memory usage: #define vs. static const for uint8_t Broad Strokes - missing letter riddle Why does 0.-5 evaluate to -5? Why is 'diphthong' pronounced the way it is? Why did Luke use his left hand to shoot?
          Read more