> > * I changed the meaning of "-l" from "Listen to only SSL" to
> > "Disable SSL". It seems safe to me to do this since the
> > previous function of "-l" never worked anyway.
> > Using this switch, you can start the postmaster without
> > having the secret key and the certificate file in place.
>
> I'd rather see SSL off by default and `-l' enabling it, but that's a
> trivial change if we agree on it.
No problem with me :-)
It should just be to change the default of RequireSSL to false, and then set
it to "true" when -l is specified.
> > Right now, the only way to set "requiressl" for psql is to use
> > an environment variable. I'd like it to be possible to do this
> > using the commandline for example, probably using a "psql
> variable".
>
> We need to think in terms of all client applications though.
> Ideally we'd
> use some sort of option letter, but we'd never find one that's
> consistently available. What do people think about optionally
> making the
> host paramater URI style, e.g. "pgsql://localhost" or
> "pgsql-ssl://localhost" or even
> "pgsql://user:password@foo.com:6543". A
> bare host defaults to "pgsql://name:5432". Hmm, I think I
> would like that
> in terms of extensibility. Doesn't JDBC work like that already?
I think I wasn't clear enough. :-) It can *already* be specified by any
client application as long as you use PQconnectdb(). For example:
PQconnectdb("dbname='foo' host='localhost' requiressl=1")
(I just put it into the "PQconninfoOptions" array.)
(Now that I think of it, I never really *tested* that part, though :-) But I
think it shuold work. [testing]. Yes, it works.)
> > But that would require changing psql to use PQconnectDb() instead
> > of PQsetdbLogin(), so I figured I should check first :-) [BTW,
> > PQconnectDb() is the recommended way of doing it nowadays, right?]
>
> In theory yes, and this might well be a good reason to start doing so,
> because you won't get away with changing the prototype of
> PQsetdbLogin().
Exactly my thougts :-)
> > Documentation is coming up,
>
> Nice...
>
> Any thoughts about client (and server) authentication via SSL?
Yup, I've been thinking about it. :-)
I was thinking of adding a authentication type "sslcert" (in addition to the
ident, trust, password etc that exist today) only valid for "sslhost" lines.
Then a map somewhere similar to the "ident-map" in concept mapping a SSL
certificate subject name to a postgres username. (Or maybe that should be
done similar to pg_shadow, modifyable from inside the db?)
//Magnus