Martin Pitt wrote:
> I do see the benefit of failing to connect to an SSL-enabled server
> *if* I have a root.crt which doesn't match. But why fail if I don't
> have one?
I have digested this thread, and have done two things: improved the
documentation and posted a patch to make the error message clearer.
In terms of your suggestion about root.crt, I think sslverify != none
should error if it can't verify the server's certificate, whether the
root.crt file is there or not. If you are asking for sslverify, it
should do that or error, not ignore the setting if there is no root.crt
file. The only other approach would be to add an sslverify value of
'try' that tries only if root.crt exists.
A separate issue is if sslverify should default to 'cn'.
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
+ If your life is a hard drive, Christ can be your backup. +
In response to
pgsql-bugs by date
|Next:||From: Tom Lane||Date: 2009-04-11 22:00:26|
|Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
|Previous:||From: Tom Lane||Date: 2009-04-11 21:31:18|
|Subject: Re: BUG #4757: to_timestamp returns incorrect result |