Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Dan Kaminsky" <dan(at)doxpara(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date: 2008-08-04 15:50:12
Message-ID: 5431.1217865012@sss.pgh.pa.us
Lists: pgsql-bugs

"Dan Kaminsky" <dan(at)doxpara(dot)com> writes:
> Clearly, this is handling self-signed certs. Great. But what I really want
> to know is, is verify_peer accepting a self-signed identity assertion?
> Because that'd be remote EoP.

I'm just guessing what you're driving at (unexplained acronyms aren't
a good way to communicate), but I think it's not a big problem. PG
doesn't rely on SSL for authentication, only for communications
security, so whether the remote cert is self-signed doesn't seem
like much of an issue. Anyway, you can adjust your list of trusted
CAs to determine whether you'll accept it or not.

regards, tom lane
