| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Jakob Egger <jakob(at)eggerapps(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslmode=require fallback |
| Date: | 2016-07-11 14:27:08 |
| Message-ID: | CABUevEz2c5b7WNfd+pCkayM-Dh4bjME7xa3XXFaZv0d5HHQr_w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jun 23, 2016 at 1:50 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> On Thu, Jun 16, 2016 at 10:42:56AM +0200, Magnus Hagander wrote:
> > However, if this is the expected behavior, the documentation
> at https://
> > www.postgresql.org/docs/current/static/libpq-ssl.html should be
> updated to
> > make this more clear. It should be made clear that the existence of
> the
> > file ~/.postgresql/root.crt changes the behavior of sslmode=require
> and
> > sslmode=prefer.
> >
> >
> >
> > Agreed. It's basically backwards compatibility with something that was
> badly
> > documented in the first place :) That's not a particularly strong
> argument for
> > the way it is. Clarifying the documentation would definitely be a good
> > improvement.
>
> Does this have to remain backward-compatible forever?
>
In general no. But I think the problem here is that if somebody misses the
removal of something backwards compatible, it turns off their security.
Which is not good...
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-07-11 14:46:21 | Re: Showing parallel status in \df+ |
| Previous Message | Stephen Frost | 2016-07-11 14:25:13 | Re: remove checkpoint_warning |