I'm trying to get the SSL stuff to at least build out of the box. It seems
there's a flaw here: Even when you only want to build with SSL support "to
try later" the postmaster refuses to start unless you set up appropriate
certificate and key files. There's no way to disable SSL at run time.
At first I thought the -l option was supposed to that. But the
responsibility of the -l option is to refuse any non-SSL connections. But
deciding that should rather be the responsibility of the pg_hba.conf file,
as indeed it is, with its hostssl directive. (At least that is my
understanding.)
Does anyone have any suggestions how to handle this? This was never an
advertised feature so we have a little room to play with, I suppose.
--
Peter Eisentraut Sernanders väg 10:115
peter_e@gmx.net 75262 Uppsala
http://yi.org/peter-e/ Sweden
