| From: | Bastiaan Olij <bastiaan(at)basenlily(dot)me> |
|---|---|
| To: | Postgres general mailing list <pgsql-general(at)postgresql(dot)org> |
| Subject: | sslmode=prefer v.s. sslmode=verify-ca |
| Date: | 2014-02-27 01:25:55 |
| Message-ID: | 530E9423.5070206@basenlily.me |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi All,
According to the documentation
here:http://www.postgresql.org/docs/9.1/static/libpq-ssl.html
For backwards compatibility reasons sslmode=require works the same as
sslmode=verify-ca if a root certificate is put into place.
From what I can tell sslmode=prefer seems to react the same.
As I have both servers with valid certificates, and one or two test
servers with just self signed certificates I'm running into a snag. As
soon as I put my root certificate in place I can log onto the servers
with valid certificates just fine, I'm using sslmode=verify-full here even.
But when I try to connect to my test servers, even though I've set
sslmode=prefer, it won't allow me to connect over SSL. Only when I
remove my root certificate file am I allowed in.
Obviously I can create valid certificates for my test servers but some
of the servers I need to connect to aren't fully under my control.
Has anyone run into this before?
Cheers,
Bastiaan Olij
| From | Date | Subject | |
|---|---|---|---|
| Next Message | itishree sukla | 2014-02-27 06:24:39 | Multiple Schema in One DB |
| Previous Message | Steve Crawford | 2014-02-27 00:44:56 | Re: Cancelling of autovacuums considered harmful |