On Mon, Apr 25, 2011 at 1:11 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Mon, Apr 25, 2011 at 12:52 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> I'm inclined to think that the correct fix is to make parse_hba_line,
>>> where it first realizes the line is "hostssl", check not only that SSL
>>> support is compiled but that it's turned on.
>> It's not clear to me what behavior you are proposing. Would we
>> disregard the hostssl line or treat it as an error?
> Sorry, I wasn't clear. I meant to throw an error. We already do throw
> an error if you put hostssl in pg_hba.conf when SSL support wasn't
> compiled at all. Why shouldn't we throw an error if it's compiled but
> not turned on?
OK, I think you're right.
The Enterprise PostgreSQL Company
In response to
pgsql-hackers by date
|Next:||From: Magnus Hagander||Date: 2011-04-25 17:23:43|
|Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off|
|Previous:||From: Tom Lane||Date: 2011-04-25 17:18:38|
|Subject: Re: Unfriendly handling of pg_hba SSL options with SSL off |