Re: patch: Client certificate requirements

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Alex Hunsaker" <badalex(at)gmail(dot)com>
Cc: "Magnus Hagander" <magnus(at)hagander(dot)net>, "PG Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: patch: Client certificate requirements
Date: 2008-11-16 00:39:06
Message-ID: 13662.1226795946@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

"Alex Hunsaker" <badalex(at)gmail(dot)com> writes:
> Err that really should be ereport(FATAL,

I don't think that's a particularly user-friendly design.

The behavior I'd expect to see is

1. Root cert file not there: issue existing LOG message. Maybe the user is
expecting client cert verification, and maybe he isn't, but it is a good
idea to put out the LOG message just to make sure he knows what will
happen.

2. Root cert file present but we fail to load it: FATAL is probably okay
here, but not with that hint message.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Alex Hunsaker 2008-11-16 02:34:21 Re: patch: Client certificate requirements
Previous Message Tom Lane 2008-11-16 00:25:58 Re: "ORDER BY" clause prevents "UPDATE WHERE CURRENT OF"