Skip site navigation (1) Skip section navigation (2)

Re: Unfriendly handling of pg_hba SSL options with SSL off

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off
Date: 2011-04-25 17:19:52
Message-ID: BANLkTimdqpN4_V=Li27C-NPPuPTHZhC2nA@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, Apr 25, 2011 at 1:11 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Mon, Apr 25, 2011 at 12:52 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> I'm inclined to think that the correct fix is to make parse_hba_line,
>>> where it first realizes the line is "hostssl", check not only that SSL
>>> support is compiled but that it's turned on.
>
>> It's not clear to me what behavior you are proposing.  Would we
>> disregard the hostssl line or treat it as an error?
>
> Sorry, I wasn't clear.  I meant to throw an error.  We already do throw
> an error if you put hostssl in pg_hba.conf when SSL support wasn't
> compiled at all.  Why shouldn't we throw an error if it's compiled but
> not turned on?

OK, I think you're right.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2011-04-25 17:23:43
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off
Previous:From: Tom LaneDate: 2011-04-25 17:18:38
Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group