Re: Client SSL validation using root.crt - Mailing list pgsql-admin

From Tom Lane
Subject Re: Client SSL validation using root.crt
Date
Msg-id 15195.1163783862@sss.pgh.pa.us
In response to Client SSL validation using root.crt  ("sergio.cinos@info3.com (IMAP)" <sergio.cinos@info3.com>)
List pgsql-admin
"sergio.cinos@info3.com (IMAP)" <sergio.cinos@info3.com> writes:
> I see a strange behaviour using root.crt. PostgreSQL always waits for a
> client certificate to check against root.crt. But I set up a
> 'hostnossl' auth line in pg_hba.conf, PostgreSQL still wants a client
> certificate.

If your client first tries to connect with SSL, it seems likely that the
certificate check would occur before we examine pg_hba.conf and decide
to reject the connection on that basis.  But your client should then
retry without SSL.  See libpq's "sslmode" parameter and PGSSLMODE
environment variable if you want it to try in the other order.

            regards, tom lane
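
The attempt order discussed in this message, as an added example that is not part of the original post and is not PostgreSQL or libpq code. It is a simplified model with these assumptions: the four documented `sslmode` values and their attempt order, the three `pg_hba.conf` record types, and a server that demands a client certificate during the SSL handshake whenever root.crt is present (as the poster reports). All function and variable names are hypothetical.

```python
# Simplified model of libpq attempt order vs. server-side checks.
# Assumption: names and structure are illustrative, not PostgreSQL source.

# Order in which the client tries SSL (True) and non-SSL (False) connections.
SSLMODE_ORDER = {
    "disable": [False],
    "allow": [False, True],    # non-SSL first, then SSL
    "prefer": [True, False],   # SSL first, then non-SSL (libpq default)
    "require": [True],
}

# Which connection kinds each pg_hba.conf record type matches.
HBA_MATCHES = {
    "host": {True, False},
    "hostssl": {True},
    "hostnossl": {False},
}


def server_accepts(use_ssl, hba_type, root_crt_present, client_has_cert):
    """Evaluate one attempt; the handshake check runs before pg_hba.conf."""
    if use_ssl and root_crt_present and not client_has_cert:
        return False, "SSL handshake: client certificate required"
    if use_ssl not in HBA_MATCHES[hba_type]:
        return False, "pg_hba.conf: no matching entry"
    return True, ("connected with SSL" if use_ssl else "connected without SSL")


def connect(sslmode, hba_type, root_crt_present=True, client_has_cert=False):
    """Return the list of (attempt kind, outcome) pairs the client goes through."""
    trace = []
    for use_ssl in SSLMODE_ORDER[sslmode]:
        ok, reason = server_accepts(use_ssl, hba_type,
                                    root_crt_present, client_has_cert)
        trace.append(("ssl" if use_ssl else "plain", reason))
        if ok:
            break
    return trace


if __name__ == "__main__":
    for mode in ("prefer", "allow", "require"):
        print(mode, connect(mode, "hostnossl"))
```

With a `hostnossl` record, `prefer` first hits the certificate demand and then succeeds on the non-SSL retry, while `allow` connects without SSL on the first attempt and never reaches the certificate check.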
