On 12 apr 2009, at 11.13, Peter Eisentraut <pete...@gmx.net> wrote:
On Sunday 12 April 2009 01:58:26 Magnus Hagander wrote:
"sslmode=prefer" honestly makes no sense - if I don't care if it
ends up
encrypted or not (which it means), then why not just run with SSL off
and not have to deal with the overhead?
Perhaps a large part of the problem at hand is in fact that the
default is
sslmode=prefer, which, if the server is set up with some snakeoil
certificate,
causes all these cn verification problems, when the user really
didn't care in
the first place.
Another thing is that not all combinations of sslmode and sslverify
make
sense. If the user cares little about SSL ("allow", "prefer"), then
insisting
on a verifyable certificate is pointless.
Yeah, agreed.
One random idea is to fold both of these settings into sslmode, with
the
following progression:
disable, allow, prefer, require, require-cert, require-cn
And then set the default to "disable", because as you say "prefer"
is pretty
silly. And then users can explictly choose which level of SSL-ness
they want.
This is a different way to do bruces suggestion of a different
default. That's possibly even clearer. So I can definitely go with
this, but I think two different parameters makes it more clear and is
better.
And +1 for changing the default sslmode regardless of how we configure
ssl verification.
/Magnus
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
