Hello Bruce,
Bruce Momjian [2009-04-11 8:33 -0400]:
> I noticed you didn't quote the next sentence:
>
> The SSL connection will fail if the server does not present a trusted
> certificate.
Indeed. When I read it first, it seemed unrelatead to me, but now I
understand where this was aiming at.
> Which clearly explains _a_ failure, but doesn't link it well to the
> behavior. I agree the wording needs improvement so I have update the
> doc paragraph to mention "requires" at the beginning":
>
> I will now look at improving the libpq error message.
I saw your patches. Many thanks, this is much clearer now.
Bruce Momjian [2009-04-11 17:42 -0400]:
> The only other approach would be to add an sslverify value of
> 'try' that tries only if root.crt exists.
The semantics of this sound like a good default to me, since it would
enforce a good cert as soon as I start caring, i. e. when I actually
have a root.crt to verify against. This is the kind of "single-action
SSL enabling" workflow I was already looking for when configuring the
snakeoil SSL cert by default.
Perhaps it shouldn't be called "try", though, maybe "cert" should have
above semantics, and "force" should have the currently implemented one
(i. e. fail if not present)?
But that gets us dangerously close to bikeshedding now...
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)