On Wed, Aug 26, 2009 at 15:57, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> But that will still fail if the user has set it up to require a client
>> certificate.
>
> But not till it gets to the pg_hba checks. We might need to have some
How would that be different from what we have now? sslmode=prefer will
still allow both ssl and non-ssl connection. It won't kick you out
until you reach the hba processing, will it?
> variant on PQrequiresPassword to detect that failure type, but we'll
> already know what we need to.
>
> This still points up the value of adding an actual "ping" interface to
> the protocol, though.
Agreed.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/