Thread: SSL connections

SSL connections

From
Guillaume Lelarge
Date:
Hi,

One of my customer told me that another PostgreSQL admin tool requires
to enter sslcert, sslkey, sslrootcert, and sslcrl to try an SSL
connection. Is this true? do we have to require that all fields are
filled? reading the documentation, I think no. There are default values
for each of them, so we don't need to put each field in the connection
packet. But I may be wrong. Anyone with more knowledge than me on this
issue?

Thanks.


--
Guillaume
  http://blog.guillaume.lelarge.info
  http://www.dalibo.com


Re: SSL connections

From
Dave Page
Date:
On Tue, Oct 4, 2011 at 9:12 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> Hi,
>
> One of my customer told me that another PostgreSQL admin tool requires
> to enter sslcert, sslkey, sslrootcert, and sslcrl to try an SSL
> connection. Is this true? do we have to require that all fields are
> filled? reading the documentation, I think no. There are default values
> for each of them, so we don't need to put each field in the connection
> packet. But I may be wrong. Anyone with more knowledge than me on this
> issue?

No you don't need to fill them in to use SSL. Even certificate based
auth doesn't *require* you to set any of those values.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSL connections

From
Guillaume Lelarge
Date:
On Tue, 2011-10-04 at 21:16 +0100, Dave Page wrote:
> On Tue, Oct 4, 2011 at 9:12 PM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
> > Hi,
> >
> > One of my customer told me that another PostgreSQL admin tool requires
> > to enter sslcert, sslkey, sslrootcert, and sslcrl to try an SSL
> > connection. Is this true? do we have to require that all fields are
> > filled? reading the documentation, I think no. There are default values
> > for each of them, so we don't need to put each field in the connection
> > packet. But I may be wrong. Anyone with more knowledge than me on this
> > issue?
>
> No you don't need to fill them in to use SSL. Even certificate based
> auth doesn't *require* you to set any of those values.
>

Great, thanks :)


--
Guillaume
  http://blog.guillaume.lelarge.info
  http://www.dalibo.com