Re: Spoofing as the postmaster

Bruce Momjian <bruce@momjian.us> writes:
> Agreed.  Requiring client root certificate checking is heavy-handed.

There seems to be some confusion here.  I didn't think anyone was
proposing that we force every installation to require client root
certificate checking.  What was under discussion (I thought) was
providing the ability for a DBA to *choose* to require it.

> Of course I am not sure anyone knows how to get that information from
> SSL.

Yeah, if OpenSSL doesn't support testing for this then the discussion
is moot...
        regards, tom lane