Re: Let people set host(no)ssl settings from initdb

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: David Fetter <david(at)fetter(dot)org>, Cary Huang <cary(dot)huang(at)highgo(dot)ca>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Let people set host(no)ssl settings from initdb
Date: 2020-09-07 02:57:58
Message-ID: 20200907025758.GG2455@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Jul 02, 2020 at 04:02:21PM +0200, Daniel Gustafsson wrote:
> The CF Patch Tester consider this patch to be malformed and is unable to apply
> and test it. Can you please submit a rebased version?

I have looked at the patch of this thread, and I doubt that it is a
good idea to put more burden into initdb for that. I agree that
being able to reject easily non-SSL connections in pg_hba.conf is a
bit of a hassle now, but putting more logic into initdb does not seem
the right course to me. Perhaps we could consider an idea like
Peter's to have a sslmode=require on the server side and ease the
generation of HBA rules..

The patch has stalled for two months now without a rebase provided, so
I am marking it as returned with feedback.
--
Michael

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2020-09-07 03:05:26 Re: vacuum verbose: show pages marked allvisible/frozen/hintbits
Previous Message Michael Paquier 2020-09-07 02:51:47 Re: Remove page-read callback from XLogReaderState.