Magnus Hagander wrote:
> > One random idea is to fold both of these settings into sslmode, with
> > the
> > following progression:
> >
> > disable, allow, prefer, require, require-cert, require-cn
> >
> > And then set the default to "disable", because as you say "prefer"
> > is pretty
> > silly. And then users can explictly choose which level of SSL-ness
> > they want.
>
> This is a different way to do bruces suggestion of a different
> default. That's possibly even clearer. So I can definitely go with
> this, but I think two different parameters makes it more clear and is
> better.
>
> And +1 for changing the default sslmode regardless of how we configure
> ssl verification.
I like Peter's idea too. Having _three_ SSL settings is overkill, and I
like the idea of doing it with one parameter. As already pointed out,
it makes no sense to do server certificate verification unless the
sslmode is 'require', and having require-cert and require-cn are very
clear.
I disagree with Magnus that having two parameters is better --- I think
there is just too much risk of misconfiguration with two parameters.
I would actually call the two parameters 'verify-cert' and 'verify-cn',
and document that they also have "require" behavior. Obviously you
can't verify certificates unless you require SSL.
I am fine with changing the default sslmode.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +