Skip site navigation (1) Skip section navigation (2)

Re: controlling the location of server-side SSL files

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: controlling the location of server-side SSL files
Date: 2012-02-29 19:36:16
Message-ID: 1330544176.30260.7.camel@vanquo.pezone.net (view raw or flat)
Thread:
Lists: pgsql-hackers
On ons, 2012-02-29 at 14:27 -0500, Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > On ons, 2012-02-29 at 14:20 -0500, Tom Lane wrote:
> >> In particular, I observe that we get pushback anytime we break something
> >> in a way that makes SSL config files be required on the client side;
> >> see bug #6302 for most recent example.
> 
> > *If* we were to make a change in libpq analogous to the server side, the
> > effect would be to make the files less required, which could actually
> > help the case of bug #6302.
> 
> Hm?  Obviously I misunderstood what changes you were proposing to make,
> so would you mind spelling it out?

The details are to be determined, but a possible change would likely be
that instead of looking for a file and using it if and only if found,
there would be some kind of connection parameter saying "use this file
for this functionality", and otherwise it's not used.  The particular
example would be the CRL file.



In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2012-02-29 20:08:06
Subject: Re: "make check" in src/test/isolation is unworkable
Previous:From: Heikki LinnakangasDate: 2012-02-29 19:33:28
Subject: Re: 16-bit page checksums for 9.2

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group