On Thu, Jul 02, 2020 at 04:02:21PM +0200, Daniel Gustafsson wrote: > The CF Patch Tester consider this patch to be malformed and is unable to apply > and test it. Can you please submit a rebased version?
I have looked at the patch of this thread, and I doubt that it is a good idea to put more burden into initdb for that. I agree that being able to reject easily non-SSL connections in pg_hba.conf is a bit of a hassle now, but putting more logic into initdb does not seem the right course to me. Perhaps we could consider an idea like Peter's to have a sslmode=require on the server side and ease the generation of HBA rules.. The patch has stalled for two months now without a rebase provided, so I am marking it as returned with feedback. -- Michael
signature.asc
Description: PGP signature
