Re: Direct SSL connection with ALPN and HBA rules - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Direct SSL connection with ALPN and HBA rules
Date
Msg-id F1FE761E-EAB0-4C84-96CC-4AB55E44939D@yesql.se
In response to Re: Direct SSL connection with ALPN and HBA rules  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers
> On 29 Apr 2024, at 21:06, Heikki Linnakangas <hlinnaka@iki.fi> wrote:

> Oh I was not aware sslrootcert=system works like that. That's a bit surprising, none of the other ssl-related
> settings imply or require that SSL is actually used. Did we intend to set a precedence for new settings with that?

It was very much intentional, and documented, an sslmode other than verify-full
makes little sense when combined with sslrootcert=system.  It wasn't intended
to set a precedence (though there is probably a fair bit of things we can do,
getting this right is hard enough as it is), rather it was footgun prevention.

--
Daniel Gustafsson



