Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
| От | Tom Lane |
|---|---|
| Тема | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Дата | |
| Msg-id | 8612.1239487226@sss.pgh.pa.us обсуждение |
| Ответ на | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Bruce Momjian <bruce@momjian.us>) |
| Ответы |
Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
|
| Список | pgsql-bugs |
Bruce Momjian <bruce@momjian.us> writes:
> In terms of your suggestion about root.crt, I think sslverify != none
> should error if it can't verify the server's certificate, whether the
> root.crt file is there or not. If you are asking for sslverify, it
> should do that or error, not ignore the setting if there is no root.crt
> file.
Fair enough.
> The only other approach would be to add an sslverify value of
> 'try' that tries only if root.crt exists.
+1 for adding a "try" setting (though I'm not sure if I like that name
or not). I don't think that we actually have any choice in the matter.
By the end of beta, we *will* have such a setting; the only question
in my mind is whether it will be default or not. That depends on
exactly how nasty the villagers become ...
regards, tom lane
В списке pgsql-bugs по дате отправления: