Re: src/test/ssl broken on HEAD

On 9/2/15 7:15 PM, Andres Freund wrote:
>>     Add a regression test suite for SSL support.
>>
>>     It's not run by the global "check" or "installcheck" targets, because the
>>     temporary installation it creates accepts TCP connections from any user
>>     the same host, which is insecure.
>
> We could just implement SSL over unix sockets. Obviously the
> connection-encryption aspect isn't actually useful, but e.g. client
> certs still make sense.  Besides, it allows to avoid concerns like the
> above...

See old discussion here:
http://www.postgresql.org/message-id/49CA2524.5010809@gmx.net

At the time, we didn't have this test suite, obviously, so the utility
would be have been limited, but now it looks quite interesting.

The only trick, as I remember, was that clients tend to prefer SSL
automatically, which we probably don't want for Unix-domain sockets, so
we'd need to tweak those settings a bit.

The "old patch" referred to in that old thread wasn't actually attached,
so here it is, for amusement.