Peter Eisentraut <peter_e@gmx.net> writes:
> Does anyone have any suggestions how to handle this? This was never an
> advertised feature so we have a little room to play with, I suppose.
I think the SSL code is actually broken --- leastwise, the libpq side
of it looks mighty bogus to me. It can't possibly work to negotiate
the SSL setup before we've done the connect, can it? (I believe whoever
added the nonblocking-connect logic to libpq fouled this up.)
I've been griping about that since January but no one's responded, not
even to say "yes it's busted" or "it works for me". So the level of
interest seems awfully low, and I have no particular interest in fixing
it myself.
Bottom line: if you think it needs changing then change it. There
sure aren't going to be very many complainers.
regards, tom lane