On Mon, Apr 25, 2011 at 19:11, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Mon, Apr 25, 2011 at 12:52 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> I'm inclined to think that the correct fix is to make parse_hba_line,
>>> where it first realizes the line is "hostssl", check not only that SSL
>>> support is compiled but that it's turned on.
>
>> It's not clear to me what behavior you are proposing. Would we
>> disregard the hostssl line or treat it as an error?
>
> Sorry, I wasn't clear. I meant to throw an error. We already do throw
> an error if you put hostssl in pg_hba.conf when SSL support wasn't
> compiled at all. Why shouldn't we throw an error if it's compiled but
> not turned on?
>
> Or we could go in the direction of making hostssl lines be a silent
> no-op in both cases, but that doesn't seem like especially user-friendly
> design to me. We don't treat any other cases in pg_hba.conf comparably
> AFAIR.
We need to be very careful about ignoring *anything* in pg_hba.conf,
since it's security configuration. Doing it silently is even worse..
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/