On Wed, Aug 26, 2009 at 15:57, Tom Lane<tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> But that will still fail if the user has set it up to require a client
>> certificate.
>
> But not till it gets to the pg_hba checks. =A0We might need to have some
How would that be different from what we have now? sslmode=3Dprefer will
still allow both ssl and non-ssl connection. It won't kick you out
until you reach the hba processing, will it?
> variant on PQrequiresPassword to detect that failure type, but we'll
> already know what we need to.
>
> This still points up the value of adding an actual "ping" interface to
> the protocol, though.
Agreed.
--=20
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/