* Tom Lane <tgl@sss.pgh.pa.us> [0218 15:18]:
> Perhaps easier would be to set "PGSSLMODE=allow" (or even "disable") in
> the client environment. This will work for libpq-based clients; there
> may be something equivalent if you are using other software.
Thanks Tom, I'll give that a go.
> Also: why aren't you just using a Unix socket? We never do SSL over
> Unix sockets.
As I said, it's set to 'trust' and restricted to a local group.
Also, the deletion/rebuilding of the socket causes the application to
lose the db connection, hopefully it will be more forgiving of a server
bounce over IP.
--
'Oh, wait you're serious. Let me laugh even harder.'
-- Bender
Rasputin :: Jack of All Trades - Master of Nuns
