| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Greg Stark <stark(at)mit(dot)edu>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Jakob Egger <jakob(at)eggerapps(dot)at>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: sslmode=require fallback |
| Date: | 2016-07-14 21:42:39 |
| Message-ID: | 16818.1468532559@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Thu, Jul 14, 2016 at 11:27 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Also, we could offer a switch to turn it off if necessary, with the
>> understanding that non-Unix-socket connections can be expected to fail
>> if user doesn't install a cert.
> If we do it we should also ensure it's not enabled on localhost by default.
If we could make sure that both Unix-socket and localhost connections do
not do SSL by default, that would make it possible to skip cert generation
in "make check" and buildfarm scenarios, which would be awfully nice for
slower buildfarm critters. I'm not sure though whether libpq should be
given that sort of hardwired knowledge about "localhost".
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2016-07-14 23:38:19 | Re: Issue in pg_catalog.pg_indexes view definition |
| Previous Message | Andreas Seltenreich | 2016-07-14 21:41:33 | Re: Improving executor performance |