* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> I think I agree with Martin on this. The server doesn't fail if you
> don't provide it a root cert; it just doesn't try to trace client certs
> to the root. It is not apparent why the client should be stricter than
> that, and definitely not apparent why such strictness should be the
> default behavior.
I agree with this. Avoiding spoofing is good, but so is on the wire
encryption even if you don't have anti-spoofing. This is a reasonable
set-up and we shouldn't just fail on it.
In response to
pgsql-bugs by date
|Next:||From: Stephen Frost||Date: 2009-04-10 18:32:29|
|Subject: Re: libpq 8.4 beta1: $PGHOST complains about missingroot.crt|
|Previous:||From: Peter Eisentraut||Date: 2009-04-10 18:21:54|
|Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt|