Skip site navigation (1) Skip section navigation (2)

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: pgsql-bugs(at)postgresql(dot)org
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Martin Pitt <mpitt(at)debian(dot)org>
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-12 01:49:35
Message-ID: 200904120149.n3C1nZS25297@momjian.us (view raw or flat)
Thread:
Lists: pgsql-bugs
Bruce Momjian wrote:
> It would be nice if 'sslverify' mimicked 'sslmode', which has these
> values:
> 
> 	disable
> 	allow
> 	prefer
> 	require
> 
> I don't see how we could use 'allow', but 'disable', 'prefer', and
> 'require' seem to work for sslverify, like sslmode.

OK, crazy idea --- we use the three-value mode for sslverify listed
above, but we have it default to the value of sslmode.  So, when sslmode
is prefer (the default), sslverify is 'prefer'.  When sslmode is
require, so is sslverify, and of course disable sets them both to
disable.  This gives us good defaults (prefer), but auto-locks down the
system when sslmode is 'require'.

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

Responses

pgsql-bugs by date

Next:From: Magnus HaganderDate: 2009-04-12 07:10:13
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous:From: Bruce MomjianDate: 2009-04-12 01:25:39
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group