Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Aug 26, 2009 at 15:57, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>> But that will still fail if the user has set it up to require a client
>>> certificate.
>>
>> But not till it gets to the pg_hba checks. We might need to have some
> How would that be different from what we have now? sslmode=prefer will
> still allow both ssl and non-ssl connection. It won't kick you out
> until you reach the hba processing, will it?
Hm, will it retry if the ssl setup step fails? If so it'd be all right,
but it's still a waste of cycles ...
regards, tom lane