Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-11 22:00:26
Message-ID: 8612.1239487226@sss.pgh.pa.us
Lists: pgsql-bugs
Bruce Momjian <bruce(at)momjian(dot)us> writes:
> In terms of your suggestion about root.crt, I think sslverify != none
> should error if it can't verify the server's certificate, whether the
> root.crt file is there or not.  If you are asking for sslverify, it
> should do that or error, not ignore the setting if there is no root.crt
> file.

Fair enough.

> The only other approach would be to add an sslverify value of
> 'try' that tries only if root.crt exists.

+1 for adding a "try" setting (though I'm not sure if I like that name
or not).  I don't think that we actually have any choice in the matter.
By the end of beta, we *will* have such a setting; the only question
in my mind is whether it will be default or not.  That depends on
exactly how nasty the villagers become ...

			regards, tom lane
