Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Magnus Hagander wrote:
> > One random idea is to fold both of these settings into sslmode, with
> > the
> > following progression:
> >
> > disable, allow, prefer, require, require-cert, require-cn
> >
> > And then set the default to "disable", because as you say "prefer"
> > is pretty
> > silly.  And then users can explictly choose which level of SSL-ness
> > they want.
>
> This is a different way to do bruces suggestion of a different
> default. That's possibly even clearer. So I can definitely go with
> this, but I think two different parameters makes it more clear and is
> better.
>
> And +1 for changing the default sslmode regardless of how we configure
> ssl verification.

I like Peter's idea too.  Having _three_ SSL settings is overkill, and I
like the idea of doing it with one parameter.  As already pointed out,
it makes no sense to do server certificate verification unless the
sslmode is 'require', and having require-cert and require-cn are very
clear.

I disagree with Magnus that having two parameters is better --- I think
there is just too much risk of misconfiguration with two parameters.

I would actually call the two parameters 'verify-cert' and 'verify-cn',
and document that they also have "require" behavior.  Obviously you
can't verify certificates unless you require SSL.

I am fine with changing the default sslmode.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +