On Tue, Sep 1, 2020 at 01:59:25PM +0900, Kyotaro Horiguchi wrote:
> At Mon, 31 Aug 2020 11:34:29 -0400, Bruce Momjian <bruce@momjian.us> wrote in
> > On Mon, Aug 31, 2020 at 05:56:58PM +0900, Kyotaro Horiguchi wrote:
> > > Ok, this is that. If we spcify clientcert=no-verify other than for
> > > "cert" authentication, server complains as the following at startup.
> >
> > Why does clientcert=no-verify have any value, even for a
> > cert-authentication line?
> >
> > > > LOG: no-verify or 0 is the default setting that is discouraged to use explicitly for clientcert option
> > > > HINT: Consider removing the option instead. This option value is going to be deprecated in later version.
> > > > CONTEXT: line 90 of configuration file "/home/horiguti/data/data_noverify/pg_hba.conf"
> >
> > I think it should just be removed in PG 14. This is a configuration
> > setting, not an SQL-level item that needs a deprecation period.
>
> Ok, it is changed to just error out. I tempted to show a suggestion to
> removing the option in that case like the following, but *didn't* in
> this version of the patch.
OK, I have developed the attached patch based on yours. I reordered the
tests, simplified the documentation, and removed the hint since they
will already get a good error message, and we will document this change
in the release notes. It is also good you removed the 0/1 values for
this, since that was also confusing. We will put that removal in the
release notes too.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
