Re: [pgsql-hackers-win32] More SSL questions..

"Magnus Hagander" <mha@sollentuna.net> writes:
> I think it's only broken when you fiddle with certificates.

Yeah, the commented-out stuff had to do with certificates, and would not
be executed unless the server demands a client certificate (which only
happens if the server has a root.crt file).

BTW, as of CVS tip, if the server has a root.crt file and the client
does not have any certificate files, the default behavior is that
connections fail:

$ psql -h localhost regression
psql: could not open certificate file "/home/tgl/.postgresql/postgresql.crt": No such file or directory
$

I'm not sure if this is desirable.  Should libpq try to fall back to a
non-SSL-encrypted connection, instead?

            regards, tom lane