| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: controlling the location of server-side SSL files |
| Date: | 2012-02-29 19:36:16 |
| Message-ID: | 1330544176.30260.7.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On ons, 2012-02-29 at 14:27 -0500, Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > On ons, 2012-02-29 at 14:20 -0500, Tom Lane wrote:
> >> In particular, I observe that we get pushback anytime we break something
> >> in a way that makes SSL config files be required on the client side;
> >> see bug #6302 for most recent example.
>
> > *If* we were to make a change in libpq analogous to the server side, the
> > effect would be to make the files less required, which could actually
> > help the case of bug #6302.
>
> Hm? Obviously I misunderstood what changes you were proposing to make,
> so would you mind spelling it out?
The details are to be determined, but a possible change would likely be
that instead of looking for a file and using it if and only if found,
there would be some kind of connection parameter saying "use this file
for this functionality", and otherwise it's not used. The particular
example would be the CRL file.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2012-02-29 20:08:06 | Re: "make check" in src/test/isolation is unworkable |
| Previous Message | Heikki Linnakangas | 2012-02-29 19:33:28 | Re: 16-bit page checksums for 9.2 |