Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs
From | Bruce Momjian |
---|---|
Subject | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
Date | |
Msg-id | 200904142136.n3ELasF14803@momjian.us |
In response to | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Bruce Momjian <bruce@momjian.us>) |
List | pgsql-bugs |
Bruce Momjian wrote:
> > That's the intention. When you're turning off something, I think it
> > makes sense to use "no"....
>
> But that doesn't scale: sslmode currently has four options, soon
> perhaps to be six. The idea is that the items should be of increasing
> security, and adding "no" in the middle doesn't allow that to be clear.
>
> In fact there are too many sslmode options to list them in a paragraph;
> it should be an SGML table; I will work on that now.

OK, I have created an SGML table to show the sslmode options. While doing that I found that 'disable' was misstated as "attempt only an unencrypted SSL connection". Neither Magnus nor I know what an unencrypted SSL connection is, so we assume it is an error. I have instead replaced it with "try a non-SSL connection". When this was a paragraph it was hard to see that mistake; in an SGML table it was obvious.

Patch attached and applied.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Index: doc/src/sgml/libpq.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v retrieving revision 1.283 diff -c -c -r1.283 libpq.sgml *** doc/src/sgml/libpq.sgml 11 Apr 2009 16:46:54 -0000 1.283 --- doc/src/sgml/libpq.sgml 14 Apr 2009 20:37:02 -0000 *************** *** 254,276 **** <para> This option determines whether or with what priority a <acronym>SSL</> TCP/IP connection will be negotiated with the ! server. There are four modes: <literal>disable</> will attempt ! only an unencrypted <acronym>SSL</> connection; ! <literal>allow</> will negotiate, trying first a ! non-<acronym>SSL</> connection, then if that fails, trying an ! <acronym>SSL</> connection; <literal>prefer</> (the default) ! will negotiate, trying first an <acronym>SSL</> connection, ! then if that fails, trying a regular non-<acronym>SSL</> ! 
connection; <literal>require</> will try only an ! <acronym>SSL</> connection. <literal>sslmode</> is ignored ! for Unix domain socket communication. ! </para> <para> If <productname>PostgreSQL</> is compiled without SSL support, using option <literal>require</> will cause an error, while options <literal>allow</> and <literal>prefer</> will be ! accepted but <application>libpq</> will not in fact attempt an <acronym>SSL</> connection.<indexterm><primary>SSL</><secondary sortas="libpq">with libpq</></indexterm> --- 254,308 ---- <para> This option determines whether or with what priority a <acronym>SSL</> TCP/IP connection will be negotiated with the ! server. There are four modes: ! ! <table id="libpq-connect-sslmode-options"> ! <title><literal>sslmode</literal> options</title> ! <tgroup cols="2"> ! <thead> ! <row> ! <entry>Option</entry> ! <entry>Description</entry> ! </row> ! </thead> ! ! <tbody> ! ! <row> ! <entry><literal>disable</></entry> ! <entry>only try a non-<acronym>SSL</> connection ! </row> ! ! <row> ! <entry><literal>allow</></entry> ! <entry>first try a non-<acronym>SSL</> ! connection; if that fails, try an <acronym>SSL</> ! connection</entry> ! </row> ! ! <row> ! <entry><literal>prefer</> (default)</entry> ! <entry>first try an <acronym>SSL</> connection; if ! that fails, try a non-<acronym>SSL</> ! connection</entry> ! </row> ! ! <row> ! <entry><literal>require</></entry> ! <entry>only try an <acronym>SSL</> connection</entry> ! </row> ! ! </tbody> ! </tgroup> ! </table> <para> + <literal>sslmode</> is ignored for Unix domain socket + communication. If <productname>PostgreSQL</> is compiled without SSL support, using option <literal>require</> will cause an error, while options <literal>allow</> and <literal>prefer</> will be ! accepted but <application>libpq</> will not actually attempt an <acronym>SSL</> connection.<indexterm><primary>SSL</><secondary sortas="libpq">with libpq</></indexterm>
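Review bot: the `disable` row of the new table opens its description `<entry>` but never closes it: `</row>` follows `only try a non-<acronym>SSL</> connection` directly, while the other three rows end with `</entry>`. Add the missing `</entry>` to that row. The replacement also drops the `</para>` that used to end the first paragraph, so the `<para>` after `</table>` now opens while the earlier one is still open; close the first paragraph before the second one starts so the markup stays well-formed.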