Re: libpq: system-wide root.crt

On Fri, Sep 24, 2010 at 00:41, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On tor, 2010-09-23 at 08:36 +0200, Magnus Hagander wrote:
>> I wonder if we want to have a default value for this rather than
>> disabling it when it's not specified by configure. But is there any
>> kind of reasonable default that's not going to be
>> platform/distribution specific?
>
> I would like for us to find a way to do it without configure options.
> Compiling in stuff is always weird.

I think the compile-time default really is designed for distributions
- in this case debian, right? I would assume debian would prefer a
combination of a compile-time default and the below, rather than just
the default?

> I'm thinking, libpq could really use a global (and, for that matter, a
> per-user) configuration file, where you could set defaults for some of
> the things that you currently have to use environment variables for,
> e.g., sslmode.  And then you can configure the system-wide root.crt
> location there.

We already have this - pg_service.conf - no?

> Alternatively, if you think that that is overkill, then using an
> environment variable to configure this feature would be consistent with
> the existing mechanisms.

So in this case, a "sslfallbackroot=/etc/somewhere" parameter, that
you could then stick in etc/pg_service.conf, or in any of the other
places you can specify it? The one thing I think would be really
needed for that to work is to support wildcard database names in
pg_service.conf?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/