| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, michael(at)paquier(dot)xyz, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: "cert" + clientcert=verify-ca in pg_hba.conf? |
| Date: | 2020-09-25 17:30:06 |
| Message-ID: | 20200925173006.GA7199@momjian.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Sep 24, 2020 at 09:59:50PM -0400, Tom Lane wrote:
> Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
> > Thank you Bruce, Michael. This is a rebased version.
>
> I really strongly object to all the encoded data in this patch.
> One cannot read it, one cannot even easily figure out how long
> it is until the tests break by virtue of the certificates expiring.
>
> One can, however, be entirely certain that they *will* break at
> some point. I don't like the idea of time bombs in our test suite.
> That being the case, it'd likely be better to drop all the pre-made
> certificates and have the test scripts create them on the fly.
> That'd remove both the documentation problem (i.e., having readable
> info as to how the certificates were made) and the expiration problem.
I am not planning to apply the test parts of this patch. I think
having the committer test it is sufficient.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2020-09-25 17:36:28 | Re: New statistics for tuning WAL buffer size |
| Previous Message | Christoph Berg | 2020-09-25 17:05:52 | Re: gs_group_1 crashing on 13beta2/s390x |