Home > mailing lists

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date	April 11, 2009 22:00:38
Msg-id	8612.1239487226@sss.pgh.pa.us Whole thread Raw
In response to	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Bruce Momjian <bruce@momjian.us>)
Responses	Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Magnus Hagander <magnus@hagander.net>)
List	pgsql-bugs

Tree view

Bruce Momjian <bruce@momjian.us> writes:
> In terms of your suggestion about root.crt, I think sslverify != none
> should error if it can't verify the server's certificate, whether the
> root.crt file is there or not.  If you are asking for sslverify, it
> should do that or error, not ignore the setting if there is no root.crt
> file.

Fair enough.

> The only other approach would be to add an sslverify value of
> 'try' that tries only if root.crt exists.

+1 for adding a "try" setting (though I'm not sure if I like that name
or not).  I don't think that we actually have any choice in the matter.
By the end of beta, we *will* have such a setting; the only question
in my mind is whether it will be default or not.  That depends on
exactly how nasty the villagers become ...

            regards, tom lane

pgsql-bugs by date:

From: Bruce Momjian
Date: 11 April 2009, 21:42:05
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Magnus Hagander
Date: 11 April 2009, 22:28:10
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

Previous

Next