Re: Let people set host(no)ssl settings from initdb

On Mon, Sep 07, 2020 at 11:57:58AM +0900, Michael Paquier wrote:
> On Thu, Jul 02, 2020 at 04:02:21PM +0200, Daniel Gustafsson wrote:
> > The CF Patch Tester consider this patch to be malformed and is unable to apply
> > and test it. Can you please submit a rebased version?
>
> I have looked at the patch of this thread, and I doubt that it is a
> good idea to put more burden into initdb for that. I agree that
> being able to reject easily non-SSL connections in pg_hba.conf is a
> bit of a hassle now, but putting more logic into initdb does not seem
> the right course to me. Perhaps we could consider an idea like
> Peter's to have a sslmode=require on the server side and ease the
> generation of HBA rules..
>
> The patch has stalled for two months now without a rebase provided, so
> I am marking it as returned with feedback.

Please find attached the rebased patch.

Peter's suggestion seems a little more subtle to me than requiring TLS
on the server side in that what people generally want to do is
disallow clear text connections entirely. In those scenarios, people
would also want to set (and be able to change at runtime) some kind of
cryptographic policy, as SSH and TLS do. While I see this as a worthy
goal, it's a much bigger lift than an optional argument or two to
initdb, and requires a lot more discussion than it's had to date.

Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate