Kris Jurka wrote:
>> Wouldn't it be a good thing to have SSL support for DataSource
>> connections?
>>
>> It shouldn't be too hard; attached is a patch (against 8.3dev-600)
>> that shows what I mean. It is probably unclean to hard code the
>> NonValidatingFactory...
>
> Especially since it changes the default behavior of the driver to not
> validate. If you'd like to change the default, that discussion should
> happen elsewhere and should affect all the connection
> methods. Why not
> just export the sslfactory option to the DataSource as well?
Sure, that would be easy.
I wanted to know if this was welcome at all, so I started with a simple
patch to explain my idea.
Should I go ahead and write a patch against CVS HEAD, including
sslfactory?
I guess I should write a patch or the documentation too then.
As you say, that discussion should happen elsewhere, but I believe that
SSL without certificate validation would be a good default
because this is the way it is done everywhere else in PostgreSQL.
Yours,
Laurenz Albe