Bruce Momjian wrote:
> It would be nice if 'sslverify' mimicked 'sslmode', which has these
> values:
>
> disable
> allow
> prefer
> require
>
> I don't see how we could use 'allow', but 'disable', 'prefer', and
> 'require' seem to work for sslverify, like sslmode.
OK, crazy idea --- we use the three-value mode for sslverify listed
above, but we have it default to the value of sslmode. So, when sslmode
is prefer (the default), sslverify is 'prefer'. When sslmode is
require, so is sslverify, and of course disable sets them both to
disable. This gives us good defaults (prefer), but auto-locks down the
system when sslmode is 'require'.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +