Re: sslmode patch

From: Bruce Momjian
Subject: Re: sslmode patch
Msg-id: 200307011911.h61JBxN14624@candle.pha.pa.us
In reply to: sslmode patch (Jon Jensen <jon@endpoint.com>)
Responses: Re: sslmode patch (Jon Jensen <jon@endpoint.com>)
List: pgsql-patches
Jon Jensen wrote:
> Folks,
>
> At long last I put together a patch to support 4 client SSL negotiation
> modes (and replace the requiressl boolean). The four options were first
> spelled out by Magnus Hagander <mha@sollentuna.net> on 2000-08-23 in email
> to pgsql-hackers, archived here:
>
> http://archives.postgresql.org/pgsql-hackers/2000-08/msg00639.php
>
> My original less-flexible patch and the ensuing thread are archived at:
>
> http://dbforums.com/t623845.html
>
> Attached is a new patch, including documentation.
>
> To sum up, there's a new client parameter "sslmode" and environment
> variable "PGSSLMODE", with these options:
>
> sslmode   description
> -------   -----------
> prevent   Unencrypted non-SSL only

I think the word 'never' would be more appropriate than 'prevent'.

> allow     Negotiate, prefer non-SSL

I like 'allow'.  I never liked the 'prefernonssl/preferssl', though I
may have been the one to suggest it.

> prefer    Negotiate, prefer SSL (default)
> require   Require SSL
>
> The only change to the server is a new pg_hba.conf line type,
> "hostnossl", for specifying connections that are not allowed to use SSL

Should this be 'hostneverssl'?  Nossl implies to me that the host
doesn't have SSL, which really isn't the issue.

> (for example, to prevent servers on a local network from accidentally
> using SSL and wasting cycles). Thus the 3 pg_hba.conf line types are:
>
> pg_hba.conf line types
> ----------------------
> host       applies to either SSL or regular connections
> hostssl    applies only to SSL connections
> hostnossl  applies only to regular connections
>
> These client and server options, the postgresql.conf ssl = false option,
> and finally the possibility of compiling with no SSL support at all,
> make quite a range of combinations to test. I threw together a test
> script to try many of them out. It's in a separate tarball with its
> config files, a patch to psql so it'll announce SSL connections even in
> absence of a tty, and the test output. The test is especially informative
> when run on the same tty the postmaster was started on, so the FATAL:
> errors during negotiation are interleaved with the psql client output.

Are our defaults right, that we prefer SSL if client and server can do
it?  And now have hostnossl (or hostneverssl) to turn it off?

> I saw Tom write that new submissions for 7.4 have to be in before midnight
> local time, and since I'm on the east coast in the US, this just makes it
> in before the bell. :)

I think we can get this into 7.4.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
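Added example, not code from Jon's patch or from libpq: a small Python model of the combinations the thread discusses, pairing each client sslmode (prevent/allow/prefer/require) with a server that does or does not have SSL and with pg_hba.conf lines of type host, hostssl and hostnossl. The pg_hba.conf excerpt, the client addresses and the database/user names are constructed for the example; it also assumes first-match pg_hba.conf semantics, that the 'reject' method refuses a connection, and that the two negotiating modes retry with the other transport when their first attempt is refused.

```python
"""Model of client sslmode vs. server SSL support vs. pg_hba.conf line type.

Added example (not the patch or libpq). Assumptions: pg_hba.conf is
first-match, the 'reject' method refuses the connection, and a negotiating
mode ('allow', 'prefer') retries with the other transport when refused.
"""
import ipaddress
from dataclasses import dataclass

# Order in which each sslmode tries SSL (True) or plain (False) transport.
ATTEMPT_ORDER = {
    "prevent": (False,),        # unencrypted only
    "allow":   (False, True),   # negotiate, prefer non-SSL
    "prefer":  (True, False),   # negotiate, prefer SSL
    "require": (True,),         # SSL or nothing
}

# Constructed pg_hba.conf excerpt: the LAN must not use SSL, everyone else must.
SAMPLE_HBA = """
# TYPE      DATABASE  USER  ADDRESS          METHOD
hostssl     all       all   192.168.1.0/24   reject   # no SSL cycles on the LAN
hostnossl   all       all   192.168.1.0/24   trust
hostssl     all       all   0.0.0.0/0        md5      # remote clients: SSL only
"""


@dataclass
class HbaRule:
    conn_type: str   # host | hostssl | hostnossl
    database: str
    user: str
    address: str     # CIDR block
    method: str      # trust, md5, reject, ...

    def matches(self, encrypted, database, user, client_ip):
        """True if this line applies to the connection being attempted."""
        if self.conn_type not in ("host", "hostssl", "hostnossl"):
            raise ValueError(f"unknown pg_hba.conf line type {self.conn_type!r}")
        if self.conn_type == "hostssl" and not encrypted:
            return False
        if self.conn_type == "hostnossl" and encrypted:
            return False
        if self.database not in ("all", database) or self.user not in ("all", user):
            return False
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(self.address, strict=False)


def parse_hba(text):
    """Parse TYPE DATABASE USER ADDRESS METHOD lines; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"pg_hba.conf line {lineno}: expected TYPE DATABASE USER ADDRESS METHOD")
        rules.append(HbaRule(*fields[:5]))
    return rules


def server_decides(rules, encrypted, database, user, client_ip):
    """First matching line wins; no match, or method 'reject', refuses the connection."""
    for rule in rules:
        if rule.matches(encrypted, database, user, client_ip):
            return rule.method != "reject"
    return False


def negotiate(sslmode, server_has_ssl, rules, database="app", user="app", client_ip="192.168.1.10"):
    """Return ('connected', 'ssl'|'plain') or ('refused', reason)."""
    if sslmode not in ATTEMPT_ORDER:
        raise ValueError(f"unknown sslmode {sslmode!r}")
    for want_ssl in ATTEMPT_ORDER[sslmode]:
        if want_ssl and not server_has_ssl:
            # Server answers the SSL request with 'N' (ssl = false or no SSL
            # compiled in); only a negotiating mode gets a second attempt.
            continue
        if server_decides(rules, want_ssl, database, user, client_ip):
            return ("connected", "ssl" if want_ssl else "plain")
    if sslmode == "require" and not server_has_ssl:
        return ("refused", "server does not support SSL")
    return ("refused", "refused by pg_hba.conf")


def matrix(rules, server_has_ssl, client_ip):
    """Outcome of every sslmode for one client address against one server."""
    return {mode: negotiate(mode, server_has_ssl, rules, client_ip=client_ip) for mode in ATTEMPT_ORDER}


if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for server_has_ssl in (True, False):
        for ip in ("192.168.1.10", "203.0.113.5"):
            print(f"server ssl={server_has_ssl} client={ip}: {matrix(rules, server_has_ssl, ip)}")
```

Running it shows the point of the two negotiating modes: a LAN client with sslmode=prefer first offers SSL, is refused by the hostssl ... reject line, and falls back to a plain connection, while a remote client with sslmode=allow first tries plain, finds no matching line, and retries with SSL. Only 'require' and 'prevent' can fail outright when the other side disagrees.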
