"Magnus Hagander" <mha@sollentuna.net> writes:
> I think it's only broken when you fiddle with certificates.
Yeah, the commented-out stuff had to do with certificates, and would not
be executed unless the server demands a client certificate (which only
happens if the server has a root.crt file).
BTW, as of CVS tip, if the server has a root.crt file and the client
does not have any certificate files, the default behavior is that
connections fail:
$ psql -h localhost regression
psql: could not open certificate file "/home/tgl/.postgresql/postgresql.crt": No such file or directory
$
I'm not sure if this is desirable. Should libpq try to fall back to a
non-SSL-encrypted connection, instead?
regards, tom lane