Jorge Godoy wrote:
>> What does pg_hba.conf look like?
>
> I don't know if I misunderstood him, but I thought he was
> willing to have SSL on both sides, i.e., both the client
> and the server identify themselves trough SSL certificates.
I had the same impression.
> Even though one can require connections using only SSL on the
> server side, I don't see a method (in pg_hba.conf) that
> would allow clients with SSL certificates.
Nor do I.
The complaint was that he could connect even if he didn't
have a valid client certificate.
That would mean that the connection was not established
with SSL. I want to see the pg_hba.conf to see if there is
an entry that allows him to connect without using SSL,
like a "host" entry.
Yours,
Laurenz Albe