From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Lou Picciano <loupicciano(at)comcast(dot)net>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Srinivas Aji <srinivas(dot)aji(at)emc(dot)com> |
Subject: | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
Date: | 2011-09-23 14:44:09 |
Message-ID: | 1316788985-sup-7886@alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
Excerpts from Magnus Hagander's message of vie sep 23 11:31:37 -0300 2011:
>
> On Fri, Sep 23, 2011 at 15:55, Alvaro Herrera
> <alvherre(at)commandprompt(dot)com> wrote:
> > This seems strange to me. Why not have a second option to let the user
> > indicate the desired SSL verification?
> >
> > sslmode=disable/allow/prefer/require
> > sslverify=none/ca-if-present/ca/full
> >
> > (ca-if-present being the current "require" sslmode behavior).
> >
> > We could then deprecate sslmode=verify and verify-full and have them be
> > synonyms of sslmode=require and corresponding sslverify.
>
> Hmm. I agree that the other suggestion was a bit weird, but I'm not
> sure I like the multiple-options approach either. That's going to
> require redesign of all software that deals with it at all today :S
Why? They could continue to use the existing options; or switch to the
new options if they wanted different behavior, as is the case of the OP.
> Maybe we should just update the docs and be done with it :-)
That's another option, sure ... :-)
--
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
From | Date | Subject | |
---|---|---|---|
Next Message | YAMAMOTO Takashi | 2011-09-23 17:10:26 | Re: BUG #6218: TRAP: FailedAssertion( "!(owner->nsnapshots == 0)", File: "resowner.c", Line: 365) |
Previous Message | Magnus Hagander | 2011-09-23 14:31:37 | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2011-09-23 14:46:00 | Re: Large C files |
Previous Message | Greg Stark | 2011-09-23 14:42:51 | Re: index-only scans |