Garick Hamlin <gham...@isc.upenn.edu> writes:
> One could make it work with multiple TAs in a similar fashion if it also
> checked for the existence of a directory (like: ~/.postgresql/client_ta ) to
> store chains to each supported TA by fingerprint.
> That might not be worth the effort at this point...

I'm inclined to think not. You can instruct libpq to send a non-default
certificate file by setting its sslcert/sslkey parameters, and I think what
people would typically do is just treat those as known properties of each
server connection they have to deal with. Implementing cert selection logic
inside libpq would simplify such cases, but I can't see that anybody is
likely to get around to that anytime soon. Chained certs, on the other hand,
definitely are in use in the real world, so we'd better fix libpq to handle
that case.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
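Added example, not part of the original message or of PostgreSQL's code: one way for a client application to treat the certificate and key as known properties of each server connection, by setting libpq's sslcert/sslkey parameters per host. The host names, file paths and helper names are constructed for illustration.

```python
# Added example: per-server client certificate selection through libpq's
# sslcert/sslkey connection parameters. Hosts and paths are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientIdentity:
    sslcert: str  # client certificate file presented to this server
    sslkey: str   # matching private key file


# Hypothetical mapping: the cert/key pair is a known property of each server.
IDENTITIES = {
    "db1.example.internal": ClientIdentity(
        "/home/app/.postgresql/ta_a/client.crt",
        "/home/app/.postgresql/ta_a/client.key"),
    "db2.example.internal": ClientIdentity(
        "/home/app/certs/TA B/client.crt",   # path containing a space
        "/home/app/certs/TA B/client.key"),
}


def quote_conninfo(value: str) -> str:
    """Quote a value per libpq keyword/value conninfo rules: empty values
    and values with whitespace, quotes or backslashes are single-quoted,
    with quotes and backslashes backslash-escaped."""
    if value and not any(c.isspace() or c in "'\\" for c in value):
        return value
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    return f"'{escaped}'"


def conninfo_for(host: str, dbname: str) -> str:
    """Build a conninfo string. Unknown hosts get no sslcert/sslkey, so
    libpq falls back to its default client certificate files."""
    params = {"host": host, "dbname": dbname}
    ident = IDENTITIES.get(host)
    if ident is not None:
        params["sslcert"] = ident.sslcert
        params["sslkey"] = ident.sslkey
    return " ".join(f"{k}={quote_conninfo(v)}" for k, v in params.items())


if __name__ == "__main__":
    for h in ("db1.example.internal", "db2.example.internal",
              "other.example.internal"):
        print(conninfo_for(h, "appdb"))
```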