On Tue, Sep 21, 2004 at 10:44:22AM +0200, Kaare Rasmussen wrote:
> > I think verification of the server certificates is not supported either.
> > SSL only serves for encryption, not authentication or integrity checking
> > (which is probably a stupid idea).
>
> I have this feeling that SSL in PostgreSQL isn't category 1 supported if you
> can put it that way. Maybe I'm wrong?
>
> Another way to ensure encrypted (and authenticated, I believe) connections is
> to use stunnel with PostgreSQL.
>
> I'm not sure which solution is the best. SSL in PostgreSQL is integrated.
> Stunnel has the advantage of being more generic. Having tried none, I don't
> know about performance.

stunnel is a possible solution, but it'll make it difficult to determine
remote connections, as you'll only ever see 127.0.0.1 in your logs.

As I said in my other reply, the code to do most of this is already
there, it's just #ifdef'd out.

-Dom