| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "sergio(dot)cinos(at)info3(dot)com (IMAP)" <sergio(dot)cinos(at)info3(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Client SSL validation using root.crt |
| Date: | 2006-11-17 17:17:42 |
| Message-ID: | 15195.1163783862@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
"sergio(dot)cinos(at)info3(dot)com (IMAP)" <sergio(dot)cinos(at)info3(dot)com> writes:
> I see a strange behaviour using root.crt. PostgreSQL always waits a
> client certificate to check agains root.crt. But I set up a
> 'hostnossl' auth line un pg_hba.conf, PostgreSQL still wants a client
> certificate.
If your client first tries to connect with SSL, it seems likely that the
certificate check would occur before we examine pg_hba.conf and decide
to reject the connection on that basis. But your client should then
retry without SSL. See libpq's "sslmode" parameter and PGSSLMODE
environment variable if you want it to try in the other order.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Forgey | 2006-11-17 21:39:53 | remote connections to Windows based server |
| Previous Message | sergio.cinos@info3.com (IMAP) | 2006-11-17 10:37:37 | Client SSL validation using root.crt |