From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Unfriendly handling of pg_hba SSL options with SSL off |
Date: | 2011-04-25 17:19:52 |
Message-ID: | BANLkTimdqpN4_V=Li27C-NPPuPTHZhC2nA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Apr 25, 2011 at 1:11 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Mon, Apr 25, 2011 at 12:52 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> I'm inclined to think that the correct fix is to make parse_hba_line,
>>> where it first realizes the line is "hostssl", check not only that SSL
>>> support is compiled but that it's turned on.
>
>> It's not clear to me what behavior you are proposing. Would we
>> disregard the hostssl line or treat it as an error?
>
> Sorry, I wasn't clear. I meant to throw an error. We already do throw
> an error if you put hostssl in pg_hba.conf when SSL support wasn't
> compiled at all. Why shouldn't we throw an error if it's compiled but
> not turned on?
OK, I think you're right.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2011-04-25 17:23:43 | Re: Unfriendly handling of pg_hba SSL options with SSL off |
Previous Message | Tom Lane | 2011-04-25 17:18:38 | Re: Unfriendly handling of pg_hba SSL options with SSL off |