Hi Jacob,
> I think the sslcertmode=disable option that I introduced in [1]
> solves this issue too;
Well, I see there is indeed a significant overlap between our patches -
but yours has a much more comprehensive approach! If I got it right,
the new sslcertmode=disable would indeed cancel the existing certs in
'~/.postgresql/' in case they exist. Right?
+ if (conn->sslcertmode[0] == 'd') /* disable */
+ {
+ /* don't send a client cert even if we have one */
+ have_cert = false;
+ }
+ else if (fnbuf[0] == '\0')
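Review bot: the test on conn->sslcertmode[0] in the first added line dereferences the string and matches on its first character only, so it depends on sslcertmode being non-NULL and already restricted to the supported values by the time this code runs. Nothing in the visible lines establishes that; if validation happens elsewhere, a short comment pointing to it would help, otherwise any value beginning with 'd' would suppress the client certificate.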
My idea was rather to use the existing sslmode with a new option
"no-clientcert" that actually does the same:
    /* sslmode no-clientcert */
    if (conn->sslmode[0] == 'n')
    {
        fnbuf[0] = '\0';
    }
    ...
    if (fnbuf[0] == '\0')
    {
        /* no home directory, proceed without a client cert */
        have_cert = false;
    }
I wish I had found your patchset some months ago. Now I hate myself
for the duplication of efforts :D
What is the status of your patchset?
Cheers
Jim