Home > mailing lists

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date	April 10, 2009 14:41:45
Msg-id	22593.1239374494@sss.pgh.pa.us Whole thread Raw
In response to	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Martin Pitt <mpitt@debian.org>)
Responses	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
List	pgsql-bugs

Tree view

Martin Pitt <mpitt@debian.org> writes:
> I do see the benefit of failing to connect to an SSL-enabled server
> *if* I have a root.crt which doesn't match. But why fail if I don't
> have one?

I think I agree with Martin on this.  The server doesn't fail if you
don't provide it a root cert; it just doesn't try to trace client certs
to the root.  It is not apparent why the client should be stricter than
that, and definitely not apparent why such strictness should be the
default behavior.

            regards, tom lane

pgsql-bugs by date:

From: Martin Pitt
Date: 10 April 2009, 14:32:18
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Magnus Hagander
Date: 10 April 2009, 17:14:09
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

Previous

Next