| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Date: | 2009-04-11 22:00:26 |
| Message-ID: | 8612.1239487226@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Bruce Momjian <bruce(at)momjian(dot)us> writes:
> In terms of your suggestion about root.crt, I think sslverify != none
> should error if it can't verify the server's certificate, whether the
> root.crt file is there or not. If you are asking for sslverify, it
> should do that or error, not ignore the setting if there is no root.crt
> file.
Fair enough.
> The only other approach would be to add an sslverify value of
> 'try' that tries only if root.crt exists.
+1 for adding a "try" setting (though I'm not sure if I like that name
or not). I don't think that we actually have any choice in the matter.
By the end of beta, we *will* have such a setting; the only question
in my mind is whether it will be default or not. That depends on
exactly how nasty the villagers become ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2009-04-11 22:28:05 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Previous Message | Bruce Momjian | 2009-04-11 21:42:00 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |