|From:||Bruce Momjian <bruce(at)momjian(dot)us>|
|To:||Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>|
|Subject:||Re: "cert" + clientcert=verify-ca in pg_hba.conf?|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On Tue, Sep 1, 2020 at 01:59:25PM +0900, Kyotaro Horiguchi wrote:
> At Mon, 31 Aug 2020 11:34:29 -0400, Bruce Momjian <bruce(at)momjian(dot)us> wrote in
> > On Mon, Aug 31, 2020 at 05:56:58PM +0900, Kyotaro Horiguchi wrote:
> > > Ok, this is that. If we spcify clientcert=no-verify other than for
> > > "cert" authentication, server complains as the following at startup.
> > Why does clientcert=no-verify have any value, even for a
> > cert-authentication line?
> > > > LOG: no-verify or 0 is the default setting that is discouraged to use explicitly for clientcert option
> > > > HINT: Consider removing the option instead. This option value is going to be deprecated in later version.
> > > > CONTEXT: line 90 of configuration file "/home/horiguti/data/data_noverify/pg_hba.conf"
> > I think it should just be removed in PG 14. This is a configuration
> > setting, not an SQL-level item that needs a deprecation period.
> Ok, it is changed to just error out. I tempted to show a suggestion to
> removing the option in that case like the following, but *didn't* in
> this version of the patch.
OK, I have developed the attached patch based on yours. I reordered the
tests, simplified the documentation, and removed the hint since they
will already get a good error message, and we will document this change
in the release notes. It is also good you removed the 0/1 values for
this, since that was also confusing. We will put that removal in the
release notes too.
The usefulness of a cup is in its emptiness, Bruce Lee
|Next Message||Alvaro Herrera||2020-09-01 15:48:30||Re: Allow CLUSTER, VACUUM FULL and REINDEX to change tablespace on the fly|
|Previous Message||Justin Pryzby||2020-09-01 15:43:54||Re: Allow CLUSTER, VACUUM FULL and REINDEX to change tablespace on the fly|