On Thursday 20 September 2007 11:41:00 Tom Lane wrote:
> "Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> > Jorge Godoy wrote:
> >> Even though one can require connections using only SSL on the
> >> server side, I don't see a method (in pg_hba.conf) that
> >> would allow clients with SSL certificates.
> >
> > Nor do I.
>
> If you mean *require* clients to have certificates, that's not
> determined by pg_hba.conf, it's determined by whether you provide
> a root.crt file. See
> http://www.postgresql.org/docs/8.2/static/ssl-tcp.html
Thank you! Complemented with
http://www.postgresql.org/docs/8.2/static/libpq-ssl.html this is exactly
what we were guessing the OP asked for...
I'll have to dig if the libraries I use support that. It would be much more
interesting changing certificates once a year than hardcoding passwords on
code...
--
Jorge Godoy <jgodoy@gmail.com>