Home > mailing lists

Re: Postgresql and SSL - Mailing list pgsql-general

From	Jorge Godoy
Subject	Re: Postgresql and SSL
Date	September 21, 2007 00:20:25
Msg-id	200709202120.07364.jgodoy@gmail.com Whole thread Raw
In response to	Re: Postgresql and SSL (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Postgresql and SSL
List	pgsql-general

Tree view

On Thursday 20 September 2007 11:41:00 Tom Lane wrote:
> "Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> > Jorge Godoy wrote:
> >> Even though one can require connections using only SSL on the
> >> server side, I don't see a method (in pg_hba.conf) that
> >> would allow clients with SSL certificates.
> >
> > Nor do I.
>
> If you mean *require* clients to have certificates, that's not
> determined by pg_hba.conf, it's determined by whether you provide
> a root.crt file.  See
> http://www.postgresql.org/docs/8.2/static/ssl-tcp.html

Thank you!  Complemented with
http://www.postgresql.org/docs/8.2/static/libpq-ssl.html  this is exactly
what we were guessing the OP asked for...

I'll have to dig if the libraries I use support that.  It would be much more
interesting changing certificates once a year than hardcoding passwords on
code...

--
Jorge Godoy      <jgodoy@gmail.com>

pgsql-general by date:

From: "Merlin Moncure"
Date: 20 September 2007, 22:38:48
Subject: Re: Migration from PervasiveSQL

From: Jerry Sievers
Date: 21 September 2007, 01:50:57
Subject: Re: Adding domain type with CHECK constraints slow on large table

Re: Postgresql and SSL - Mailing list pgsql-general

Previous

Next