On ons, 2012-02-08 at 09:16 +0100, Magnus Hagander wrote:
> > I'm still worried about this. If we ignore a missing root.crt, then the
> > effect is that authentication and certificate verification might fail,
> > which would be annoying, but you'd notice it soon enough. But if we
> > ignore a missing root.crl, we are creating a security hole.
> >
>
> Yes, ignoring a missing file in a security context is definitely not good.
> It should throw an error.
>
> We have a few bad defaults from the old days around SSL for this, but if it
> requires breaking backwards compatibility to get it right, I think we
> should still do it.
Btw., should we also consider making similar changes on the libpq side?