Hello.
At Tue, 1 Sep 2020 11:47:34 -0400, Bruce Momjian <bruce@momjian.us> wrote in
> On Tue, Sep 1, 2020 at 01:59:25PM +0900, Kyotaro Horiguchi wrote:
> > At Mon, 31 Aug 2020 11:34:29 -0400, Bruce Momjian <bruce@momjian.us> wrote in
> > > On Mon, Aug 31, 2020 at 05:56:58PM +0900, Kyotaro Horiguchi wrote:
> > > > Ok, this is that. If we spcify clientcert=no-verify other than for
> > > > "cert" authentication, server complains as the following at startup.
> > >
> > > Why does clientcert=no-verify have any value, even for a
> > > cert-authentication line?
> > >
> > > > > LOG: no-verify or 0 is the default setting that is discouraged to use explicitly for clientcert option
> > > > > HINT: Consider removing the option instead. This option value is going to be deprecated in later version.
> > > > > CONTEXT: line 90 of configuration file "/home/horiguti/data/data_noverify/pg_hba.conf"
> > >
> > > I think it should just be removed in PG 14. This is a configuration
> > > setting, not an SQL-level item that needs a deprecation period.
> >
> > Ok, it is changed to just error out. I tempted to show a suggestion to
> > removing the option in that case like the following, but *didn't* in
> > this version of the patch.
>
> OK, I have developed the attached patch based on yours. I reordered the
> tests, simplified the documentation, and removed the hint since they
Looks good to me.
> will already get a good error message, and we will document this change
Oops! I thought I had removed that in the patch. Sorry for the mistake
and that also looks good to me.
> in the release notes. It is also good you removed the 0/1 values for
> this, since that was also confusing. We will put that removal in the
> release notes too.
Thank you for your assistance, Bruce!
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center