Re: controlling the location of server-side SSL files

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: controlling the location of server-side SSL files
Date: 2012-01-02 21:49:40
Message-ID: 1325540980.15294.16.camel@vanquo.pezone.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On mån, 2012-01-02 at 15:47 +0100, Magnus Hagander wrote:
> Were you thinking one option pointing to a directory or one option per
> file?

One option per file:

ssl_cert_file
ssl_key_file
ssl_ca_file
ssl_crl_file

This is very similar to the configuration of, for example, Apache,
Dovecot, Postfix, so it should be quite familiar to administrators. It
also mirrors that we have libpq options to set these things on the
client side. (We use the term "root certificate" in libpq, but I think
"CA" is more commonly used in these situations. Not sure.)

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Dimitri Fontaine 2012-01-02 21:59:12 Re: backup_label during crash recovery: do we know how to solve it?
Previous Message Peter Eisentraut 2012-01-02 21:37:26 Re: [COMMITTERS] pgsql: pg_regress: Replace exit_nicely() with exit() plus atexit() hook