| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
| Cc: | bruce(at)momjian(dot)us, michael(at)paquier(dot)xyz, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: "cert" + clientcert=verify-ca in pg_hba.conf? |
| Date: | 2020-09-25 01:59:50 |
| Message-ID: | 1819158.1600999190@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
> Thank you Bruce, Michael. This is a rebased version.
I really strongly object to all the encoded data in this patch.
One cannot read it, one cannot even easily figure out how long
it is until the tests break by virtue of the certificates expiring.
One can, however, be entirely certain that they *will* break at
some point. I don't like the idea of time bombs in our test suite.
That being the case, it'd likely be better to drop all the pre-made
certificates and have the test scripts create them on the fly.
That'd remove both the documentation problem (i.e., having readable
info as to how the certificates were made) and the expiration problem.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2020-09-25 02:00:10 | Re: fixing old_snapshot_threshold's time->xid mapping |
| Previous Message | Dilip Kumar | 2020-09-25 01:51:22 | Re: Logical replication from PG v13 and below to PG v14 (devel version) is not working. |