Re: SSL over Unix-domain sockets

Am Freitag, 4. Januar 2008 schrieb Bruce Momjian:
> Peter Eisentraut wrote:
> > Using the attached patch, SSL will act over Unix-domain sockets.  AFAICT,
> > this just works.  I didn't find a way to sniff a Unix-domain socket,
> > however.
> >
> > How should we proceed with this?
>
> I am confused by the shortness of this patch.  Right now pg_hba.conf
> has:
>
>     # host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>     # hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>     # hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>
> These are all for TCP connections.  How do we handle 'local' SSL
> connection specification?  Do we want to provide similar functionality
> for local connections?

Yes, we might want to add that as well.  That and some documentation updates 
would probably cover everything.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/