Re: SSL Support
From | Dominic Mitchell |
---|---|
Subject | Re: SSL Support |
Date | |
Msg-id | 41506EE4.7070201@happygiraffe.net |
In reply to | Re: SSL Support (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |

Tom Lane wrote:
> dom@happygiraffe.net (Dominic Mitchell) writes:
>>On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote:
>>>On Tuesday, 21 September 2004 09:24, Dominic Mitchell wrote:
>>>>In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
>>>>in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. This means that a client
>>>>can present no certificate and still get access to the server.
>
>>The code is all there to do so, pretty much. What it's missing is a few
>>toggles to make it say "I want to enforce this to happen".
>
> This is intentional. See past discussions.

Ok, I'll go and review them and stick to documentation patches. I hope I can avoid other people being surprised in the manner I was.

Thanks,
-Dom