| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | Alex Hunsaker <badalex(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Abhijit Menon-Sen <ams(at)oryx(dot)com>, pgsql(at)mohawksoft(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL configure patch: review |
| Date: | 2008-11-21 14:17:36 |
| Message-ID: | 4926C300.2070600@hagander.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera wrote:
> Magnus Hagander escribió:
>> Alex Hunsaker wrote:
>>> On Fri, Aug 1, 2008 at 13:31, Alvaro Herrera <alvherre(at)commandprompt(dot)com> wrote:
>>>> Something that's bothering me is that PGSSLKEY is inconsistent with the
>>>> sslkey conninfo parameter. PGSSLKEY specifies an engine (basically a
>>>> driver for specialized hardware AFAICT) from which the key is to be
>>>> loaded, but sslkey is a simple filename. This means that there's no way
>>>> to load a key from hardware if you want to specify it per connection.
>>>> Not that I have any such hardware, but it looks bogus.
>
> I think the above consideration needs some discussion too. Committing
> it as-is doesn't seem OK because you can't change it later -- it's
> user-visible.
.. that's the one I was referring to in my mail ...
It should definitely be made consistent.
//MAgnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martin Pihlak | 2008-11-21 14:43:21 | Re: SQL/MED compatible connection manager |
| Previous Message | Alvaro Herrera | 2008-11-21 14:13:14 | Re: SSL configure patch: review |