Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present
| От | Alvaro Herrera |
|---|---|
| Тема | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present |
| Дата | |
| Msg-id | 1316788985-sup-7886@alvh.no-ip.org обсуждение исходный текст |
| Ответ на | Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies server certificate if root.crt is present (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: Re: [BUGS] BUG #6189: libpq: sslmode=require verifies
server certificate if root.crt is present
|
| Список | pgsql-hackers |
Excerpts from Magnus Hagander's message of vie sep 23 11:31:37 -0300 2011: > > On Fri, Sep 23, 2011 at 15:55, Alvaro Herrera > <alvherre@commandprompt.com> wrote: > > This seems strange to me. Why not have a second option to let the user > > indicate the desired SSL verification? > > > > sslmode=disable/allow/prefer/require > > sslverify=none/ca-if-present/ca/full > > > > (ca-if-present being the current "require" sslmode behavior). > > > > We could then deprecate sslmode=verify and verify-full and have them be > > synonyms of sslmode=require and corresponding sslverify. > > Hmm. I agree that the other suggestion was a bit weird, but I'm not > sure I like the multiple-options approach either. That's going to > require redesign of all software that deals with it at all today :S Why? They could continue to use the existing options; or switch to the new options if they wanted different behavior, as is the case of the OP. > Maybe we should just update the docs and be done with it :-) That's another option, sure ... :-) -- Álvaro Herrera <alvherre@commandprompt.com> The PostgreSQL Company - Command Prompt, Inc. PostgreSQL Replication, Consulting, Custom Development, 24x7 support
В списке pgsql-hackers по дате отправления: