| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: host and hostssl equivalence in pg_hba.conf |
| Date: | 2003-06-10 13:42:16 |
| Message-ID: | 2150.1055252536@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
"Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk> writes:
> How do people feel about changing matching for host and hostssl to be such that
> a plain host line in pg_hba.conf does not allow a SSL connection but requires
> the hostssl specifier?
Then there would be no way to have a host entry that allowed both ---
which, aside from being a loss of functionality, would doubtless break
existing setups.
I'd hold still for a "hostnossl" keyword, I guess, but I don't entirely
see the use for it.
If your real gripe is that libpq insists on trying SSL connections
first, the server is the wrong end to be patching that problem at.
There should be a way to control libpq's allow_ssl_try state variable
from the outside.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jon Jensen | 2003-06-10 13:46:04 | Re: host and hostssl equivalence in pg_hba.conf |
| Previous Message | Richard Huxton | 2003-06-10 13:33:33 | Re: The transaction that "happens" with function invocation |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-06-10 13:45:52 | Re: Function returns composite type |
| Previous Message | Tom Lane | 2003-06-10 13:14:37 | Re: 7.3.3 COMPILE FAILURE: pg_dump (fwd) |