Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Дата
Msg-id 200904142136.n3ELasF14803@momjian.us
обсуждение исходный текст
Ответ на Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt  (Bruce Momjian <bruce@momjian.us>)
Список pgsql-bugs
Дерево обсуждения 
Bruce Momjian wrote:
> > That's the intention. When you're turning off something, I think it
> > makes sense to use "no"....
>
> But that doesn't scale:  sslmode currently has four options, soon
> perhaps to be six.   The idea is that the items should be of increasing
> security, and adding "no" in the middle doesn't allow that to be clear.
>
> In fact there are too many sslmode options to list them in a paragraph;
> it should be an SGML table;  I will work on that now.

OK, I have created an SGML table to show the sslmode options.  While
doing that I found that 'disable' was misstated as "attempt only an
unencrypted SSL connection".  Neither Magnus nor I know what an
unencrypted SSL connection is, so we assume it is an error.  I have
instead replaced it with "try a non-SSL connection".

When this was a paragraph it was hard to see that mistake; in an SGML
table it was obvious.

Patch attached and applied.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/libpq.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v
retrieving revision 1.283
diff -c -c -r1.283 libpq.sgml
*** doc/src/sgml/libpq.sgml    11 Apr 2009 16:46:54 -0000    1.283
--- doc/src/sgml/libpq.sgml    14 Apr 2009 20:37:02 -0000
***************
*** 254,276 ****
            <para>
             This option determines whether or with what priority a
             <acronym>SSL</> TCP/IP connection will be negotiated with the
!            server. There are four modes: <literal>disable</> will attempt
!            only an unencrypted <acronym>SSL</> connection;
!            <literal>allow</> will negotiate, trying first a
!            non-<acronym>SSL</> connection, then if that fails, trying an
!            <acronym>SSL</> connection; <literal>prefer</> (the default)
!            will negotiate, trying first an <acronym>SSL</> connection,
!            then if that fails, trying a regular non-<acronym>SSL</>
!            connection; <literal>require</> will try only an
!            <acronym>SSL</> connection.  <literal>sslmode</> is ignored
!            for Unix domain socket communication.
!           </para>

            <para>
             If <productname>PostgreSQL</> is compiled without SSL support,
             using option <literal>require</> will cause an error, while
             options <literal>allow</> and <literal>prefer</> will be
!            accepted but <application>libpq</> will not in fact attempt
             an <acronym>SSL</>
             connection.<indexterm><primary>SSL</><secondary
             sortas="libpq">with libpq</></indexterm>
--- 254,308 ----
            <para>
             This option determines whether or with what priority a
             <acronym>SSL</> TCP/IP connection will be negotiated with the
!            server. There are four modes:
!
!            <table id="libpq-connect-sslmode-options">
!             <title><literal>sslmode</literal> options</title>
!             <tgroup cols="2">
!              <thead>
!               <row>
!                <entry>Option</entry>
!                <entry>Description</entry>
!               </row>
!              </thead>
!
!              <tbody>
!
!               <row>
!                <entry><literal>disable</></entry>
!                <entry>only try a non-<acronym>SSL</> connection
!               </row>
!
!               <row>
!                <entry><literal>allow</></entry>
!                <entry>first try a non-<acronym>SSL</>
!                 connection;  if that fails, try an <acronym>SSL</>
!                 connection</entry>
!               </row>
!
!               <row>
!                <entry><literal>prefer</> (default)</entry>
!                <entry>first try an <acronym>SSL</> connection;  if
!                that fails, try a non-<acronym>SSL</>
!                connection</entry>
!               </row>
!
!               <row>
!                <entry><literal>require</></entry>
!                <entry>only try an <acronym>SSL</> connection</entry>
!               </row>
!
!              </tbody>
!             </tgroup>
!            </table>

            <para>
+            <literal>sslmode</> is ignored for Unix domain socket
+            communication.
             If <productname>PostgreSQL</> is compiled without SSL support,
             using option <literal>require</> will cause an error, while
             options <literal>allow</> and <literal>prefer</> will be
!            accepted but <application>libpq</> will not actually attempt
             an <acronym>SSL</>
             connection.<indexterm><primary>SSL</><secondary
             sortas="libpq">with libpq</></indexterm>

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Следующее
От: "Wilcox, Dwight CIV SPAWAR SSC PAC, 53627"
Дата:
Сообщение: PostgreSQL Windows XP Installer Problem