- Notifications
You must be signed in to change notification settings - Fork5
Commitc464a06
committed
Complain if pg_hba.conf contains "hostssl" but SSL is disabled.
Most commenters agreed that this is more friendly than silently failingto match the line during actual connection attempts. Also, this willprevent corner cases that might arise when trying to handle such a linewhen the SSL code isn't turned on. An example is that specifyingclientcert=1 in such a line would formerly result in a completelymisleading complaint that root.crt wasn't present, as seen in a recentreport from Marc-Andre Laverdiere. While we could have instead fixedthat specific behavior, it seems likely that we'd have a continuing streamof such bizarre behaviors if we keep on allowing hostssl lines when SSL isdisabled.Back-patch to 8.4, where clientcert was introduced. Earlier versions don'thave this specific issue, and the code is enough different to make thispatch not applicable without more work than it seems worth.1 parent0cdbef6 commitc464a06
1 file changed
+14
-1
lines changedLines changed: 14 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| 31 | + | |
31 | 32 | | |
32 | 33 | | |
33 | 34 | | |
| |||
832 | 833 | | |
833 | 834 | | |
834 | 835 | | |
| 836 | + | |
835 | 837 | | |
836 | | - | |
| 838 | + | |
| 839 | + | |
| 840 | + | |
| 841 | + | |
| 842 | + | |
| 843 | + | |
| 844 | + | |
| 845 | + | |
| 846 | + | |
| 847 | + | |
| 848 | + | |
| 849 | + | |
837 | 850 | | |
838 | 851 | | |
839 | 852 | | |
| |||
0 commit comments
Comments
(0)