SSL - Mailing list pgsql-hackers

From Peter Eisentraut
Subject SSL
Date
Msg-id Pine.LNX.4.21.0007081902040.348-100000@localhost.localdomain
Whole thread Raw
Responses Re: SSL
List pgsql-hackers
I'm trying to get the SSL stuff to at least build out of the box. It seems
there's a flaw here: Even when you only want to build with SSL support "to
try later" the postmaster refuses to start unless you set up appropriate
certificate and key files. There's no way to disable SSL at run time.

At first I thought the -l option was supposed to that. But the
responsibility of the -l option is to refuse any non-SSL connections. But
deciding that should rather be the responsibility of the pg_hba.conf file,
as indeed it is, with its hostssl directive. (At least that is my
understanding.)

Does anyone have any suggestions how to handle this? This was never an
advertised feature so we have a little room to play with, I suppose.


-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: libpq / SQL3
Next
From: Noboru Saitou
Date:
Subject: plruby(Re:Trigger function languages)