Magnus Hagander wrote: > > One random idea is to fold both of these settings into sslmode, with > > the > > following progression: > > > > disable, allow, prefer, require, require-cert, require-cn > > > > And then set the default to "disable", because as you say "prefer" > > is pretty > > silly. And then users can explictly choose which level of SSL-ness > > they want. > > This is a different way to do bruces suggestion of a different > default. That's possibly even clearer. So I can definitely go with > this, but I think two different parameters makes it more clear and is > better. > > And +1 for changing the default sslmode regardless of how we configure > ssl verification.
I like Peter's idea too. Having _three_ SSL settings is overkill, and I like the idea of doing it with one parameter. As already pointed out, it makes no sense to do server certificate verification unless the sslmode is 'require', and having require-cert and require-cn are very clear. I disagree with Magnus that having two parameters is better --- I think there is just too much risk of misconfiguration with two parameters. I would actually call the two parameters 'verify-cert' and 'verify-cn', and document that they also have "require" behavior. Obviously you can't verify certificates unless you require SSL. I am fine with changing the default sslmode. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
