Home > mailing lists

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

From	Bruce Momjian
Subject	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date	April 12, 2009 01:49:36
Msg-id	200904120149.n3C1nZS25297@momjian.us Whole thread Raw
In response to	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Bruce Momjian <bruce@momjian.us>)
Responses	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
List	pgsql-bugs

Tree view

Bruce Momjian wrote:
> It would be nice if 'sslverify' mimicked 'sslmode', which has these
> values:
>
>     disable
>     allow
>     prefer
>     require
>
> I don't see how we could use 'allow', but 'disable', 'prefer', and
> 'require' seem to work for sslverify, like sslmode.

OK, crazy idea --- we use the three-value mode for sslverify listed
above, but we have it default to the value of sslmode.  So, when sslmode
is prefer (the default), sslverify is 'prefer'.  When sslmode is
require, so is sslverify, and of course disable sets them both to
disable.  This gives us good defaults (prefer), but auto-locks down the
system when sslmode is 'require'.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

pgsql-bugs by date:

From: Bruce Momjian
Date: 12 April 2009, 01:25:48
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Magnus Hagander
Date: 12 April 2009, 07:10:22
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

Previous

Next