Re: new libpq SSL connection option

On Fri, Dec 5, 2008 at 14:22, Andrew Chernow <ac@esilo.com> wrote:
> Alex Hunsaker wrote:
>>
>> On Fri, Dec 5, 2008 at 13:58, Andrew Chernow <ac@esilo.com> wrote:
>>>
>>> Who anyone be opposed to "ssldir = path" as a connection option?
>>> Currently,
>>> there is no way to change the homedir method ~/.postgresql ... or am I
>>> missing something?  I am willing to supply a patch.
>>
>> You mean something like the
>>
>> http://archives.postgresql.org/message-id/34d269d40811202107q489e2be0h771762398dd9fcdb@mail.gmail.com.
>>
>> ?
>>
>
> yes, excately like that; apparently missed it.  What is the status of that
> patch?  I see it was left in pending review  .. is the fest is over?

I think all that is left is changing PGROOTCERT to PGSSLROOTCERT,
agreeing to IFDEF the params out or not ohand this little bit:

> Magnus Hagander escribió:
> > On Fri, Aug 1, 2008 at 13:31, Alvaro Herrera <alvherre(at)commandprompt(dot)com> wrote:
> >> Something that's bothering me is that PGSSLKEY is inconsistent with the
> >> sslkey conninfo parameter.  PGSSLKEY specifies an engine (basically a
> >> driver for specialized hardware AFAICT) from which the key is to be
> >> loaded, but sslkey is a simple filename.  This means that there's no way
> >> to load a key from hardware if you want to specify it per connection.
> >> Not that I have any such hardware, but it looks bogus.

>I think the above consideration needs some discussion too.  Committing
>it as-is doesn't seem OK because you can't change it later -- it's
>user-visible.