Bruce Momjian <bruce(at)momjian(dot)us> writes:
> In terms of your suggestion about root.crt, I think sslverify != none
> should error if it can't verify the server's certificate, whether the
> root.crt file is there or not. If you are asking for sslverify, it
> should do that or error, not ignore the setting if there is no root.crt
> The only other approach would be to add an sslverify value of
> 'try' that tries only if root.crt exists.
+1 for adding a "try" setting (though I'm not sure if I like that name
or not). I don't think that we actually have any choice in the matter.
By the end of beta, we *will* have such a setting; the only question
in my mind is whether it will be default or not. That depends on
exactly how nasty the villagers become ...
regards, tom lane
In response to
pgsql-bugs by date
|Next:||From: Magnus Hagander||Date: 2009-04-11 22:28:05|
|Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt|
|Previous:||From: Bruce Momjian||Date: 2009-04-11 21:42:00|
|Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing