On Mon, Apr 25, 2011 at 18:59, Robert Haas <robertmhaas@gmail.com> wrote:
> On Mon, Apr 25, 2011 at 12:52 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> A recent complaint in pgsql-novice revealed that if you have say
>>
>> hostssl all all 127.0.0.1/32 md5 clientcert=1
>>
>> in pg_hba.conf, but you forget to enable SSL in postgresql.conf,
>> you get something like this:
>>
>> LOG: client certificates can only be checked if a root certificate store is available
>> HINT: Make sure the root.crt file is present and readable.
>> CONTEXT: line 82 of configuration file "/home/tgl/version90/data/pg_hba.conf"
>> LOG: client certificates can only be checked if a root certificate store is available
>> HINT: Make sure the root.crt file is present and readable.
>> CONTEXT: line 84 of configuration file "/home/tgl/version90/data/pg_hba.conf"
>> FATAL: could not load pg_hba.conf
>>
>> Needless to say, this is pretty unhelpful, especially if you actually do
>> have a root.crt file.
>>
>> I'm inclined to think that the correct fix is to make parse_hba_line,
>> where it first realizes the line is "hostssl", check not only that SSL
>> support is compiled but that it's turned on. Is it really sensible to
>> allow hostssl lines in pg_hba.conf when SSL is turned off? At best
>> they are no-ops, and at worst they're going to result in weird failures
>> like this one.
>
> It's not clear to me what behavior you are proposing. Would we
> disregard the hostssl line or treat it as an error?
It would absolutely have to be treat it as an error. another option
would be to throw a more specific warning at that place, and keep the
rest of the code the same.
We can't *ignore* hostssl rows in ssl=off mode, that would be an easy
way for an admin to set up a system they thought was secure but
isn't...
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/