Overhaul pg_hba.conf clientcert's API Since PG 12, clientcert no longer supported only on/off, so remove 1/0 as possible values, and instead support only the text strings 'verify-ca' and 'verify-full'.
Remove support for 'no-verify' since that is possible by just not specifying clientcert. Also, throw an error if 'verify-ca' is used and 'cert' authentication is used, since cert authentication requires verify-full. Also improve the docs. THIS IS A BACKWARD INCOMPATIBLE API CHANGE. Reported-by: Kyotaro Horiguchi Discussion: https://postgr.es/m/[email protected] Author: Kyotaro Horiguchi Backpatch-through: master Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/253f1025da8c8d6e52f96f764658b76eb59290ad Modified Files -------------- doc/src/sgml/client-auth.sgml | 11 ++++------- doc/src/sgml/runtime.sgml | 5 ++--- src/backend/libpq/hba.c | 18 +++++++----------- 3 files changed, 13 insertions(+), 21 deletions(-)
