Bruce Momjian wrote:
> > That's the intention. When you're turning off something, I think it
> > makes sense to use "no"....
>
> But that doesn't scale: sslmode currently has four options, soon
> perhaps to be six. The idea is that the items should be of increasing
> security, and adding "no" in the middle doesn't allow that to be clear.
>
> In fact there are too many sslmode options to list them in a paragraph;
> it should be an SGML table; I will work on that now.

OK, I have created an SGML table to show the sslmode options. While
doing that I found that 'disable' was misstated as "attempt only an
unencrypted SSL connection". Neither Magnus nor I know what an
unencrypted SSL connection is, so we assume it is an error. I have
instead replaced it with "try a non-SSL connection".

When this was a paragraph it was hard to see that mistake; in an SGML
table it was obvious.

Patch attached and applied.

--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/libpq.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v
retrieving revision 1.283
diff -c -c -r1.283 libpq.sgml
*** doc/src/sgml/libpq.sgml 11 Apr 2009 16:46:54 -0000 1.283
--- doc/src/sgml/libpq.sgml 14 Apr 2009 20:37:02 -0000
***************
*** 254,276 ****
<para>
This option determines whether or with what priority a
<acronym>SSL</> TCP/IP connection will be negotiated with the
! server. There are four modes: <literal>disable</> will attempt
! only an unencrypted <acronym>SSL</> connection;
! <literal>allow</> will negotiate, trying first a
! non-<acronym>SSL</> connection, then if that fails, trying an
! <acronym>SSL</> connection; <literal>prefer</> (the default)
! will negotiate, trying first an <acronym>SSL</> connection,
! then if that fails, trying a regular non-<acronym>SSL</>
! connection; <literal>require</> will try only an
! <acronym>SSL</> connection. <literal>sslmode</> is ignored
! for Unix domain socket communication.
! </para>
<para>
If <productname>PostgreSQL</> is compiled without SSL support,
using option <literal>require</> will cause an error, while
options <literal>allow</> and <literal>prefer</> will be
! accepted but <application>libpq</> will not in fact attempt
an <acronym>SSL</>
connection.<indexterm><primary>SSL</><secondary
sortas="libpq">with libpq</></indexterm>
--- 254,308 ----
<para>
This option determines whether or with what priority a
<acronym>SSL</> TCP/IP connection will be negotiated with the
! server. There are four modes:
!
! <table id="libpq-connect-sslmode-options">
! <title><literal>sslmode</literal> options</title>
! <tgroup cols="2">
! <thead>
! <row>
! <entry>Option</entry>
! <entry>Description</entry>
! </row>
! </thead>
!
! <tbody>
!
! <row>
! <entry><literal>disable</></entry>
! <entry>only try a non-<acronym>SSL</> connection
! </row>
!
! <row>
! <entry><literal>allow</></entry>
! <entry>first try a non-<acronym>SSL</>
! connection; if that fails, try an <acronym>SSL</>
! connection</entry>
! </row>
!
! <row>
! <entry><literal>prefer</> (default)</entry>
! <entry>first try an <acronym>SSL</> connection; if
! that fails, try a non-<acronym>SSL</>
! connection</entry>
! </row>
!
! <row>
! <entry><literal>require</></entry>
! <entry>only try an <acronym>SSL</> connection</entry>
! </row>
!
! </tbody>
! </tgroup>
! </table>
<para>
+ <literal>sslmode</> is ignored for Unix domain socket
+ communication.
If <productname>PostgreSQL</> is compiled without SSL support,
using option <literal>require</> will cause an error, while
options <literal>allow</> and <literal>prefer</> will be
! accepted but <application>libpq</> will not actually attempt
an <acronym>SSL</>
connection.<indexterm><primary>SSL</><secondary
sortas="libpq">with libpq</></indexterm>
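Review bot: The description entry in the new `disable` row is never closed: `<entry>only try a non-<acronym>SSL</> connection` is followed directly by `</row>`, while the other three rows end with `</entry>`, so the missing `</entry>` should be added. The `</para>` that the old text had before the second `<para>` is also gone on the new side, which leaves the table and the following `<para>` inside the still-open first paragraph; close the paragraph after "There are four modes:" or after `</table>`. Since the thread expects sslmode to grow beyond four options, dropping the hard-coded count from "There are four modes:" would save an edit each time a mode is added.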