Martin Pitt <mp...@debian.org> writes:
> I do see the benefit of failing to connect to an SSL-enabled server
> *if* I have a root.crt which doesn't match. But why fail if I don't
> have one?
I think I agree with Martin on this. The server doesn't fail if you
don't provide it a root cert; it just doesn't try to trace client certs
to the root. It is not apparent why the client should be stricter than
that, and definitely not apparent why such strictness should be the
default behavior.
regards, tom lane
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
