| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: controlling the location of server-side SSL files |
| Date: | 2012-01-03 23:25:13 |
| Message-ID: | 1325633113.19883.13.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On mån, 2012-01-02 at 23:42 -0500, Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > On mån, 2012-01-02 at 15:47 +0100, Magnus Hagander wrote:
> >> Were you thinking one option pointing to a directory or one option per
> >> file?
>
> > One option per file:
>
> That seems like serious overkill. Why not one option specifying the
> directory? What use-case is there for letting them be in different
> directories, let alone letting the DBA choose random names for each one?
Several consistency reasons:
- We provide the same per-file options in libpq.
- Indeed, if you use something like dblink or plproxy, these might even
point to the same files.
- We also have settings for hba_file and ident_file that point to a
file.
- All other daemons with SSL support known to me, such as mail and web
servers, have per-file options.
Also some practical reasons:
- Yes, choosing random names is important. We have local naming
schemes. And I would rather have a descriptive file name for the CA
than having them all named root.crt, and if I want to know which one it
is I have to look inside the file.
- You might not want all of the files in the same directory. CA and CRL
might live elsewhere, for example.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2012-01-03 23:28:19 | Re: Should I implement DROP INDEX CONCURRENTLY? |
| Previous Message | Jim Nasby | 2012-01-03 23:22:25 | Re: our buffer replacement strategy is kind of lame |