On Fri, Sep 23, 2011 at 16:44, Alvaro Herrera <alvhe...@commandprompt.com> wrote: > > Excerpts from Magnus Hagander's message of vie sep 23 11:31:37 -0300 2011: >> >> On Fri, Sep 23, 2011 at 15:55, Alvaro Herrera >> <alvhe...@commandprompt.com> wrote: > >> > This seems strange to me. Why not have a second option to let the user >> > indicate the desired SSL verification? >> > >> > sslmode=disable/allow/prefer/require >> > sslverify=none/ca-if-present/ca/full >> > >> > (ca-if-present being the current "require" sslmode behavior). >> > >> > We could then deprecate sslmode=verify and verify-full and have them be >> > synonyms of sslmode=require and corresponding sslverify. >> >> Hmm. I agree that the other suggestion was a bit weird, but I'm not >> sure I like the multiple-options approach either. That's going to >> require redesign of all software that deals with it at all today :S > > Why? They could continue to use the existing options; or switch to the > new options if they wanted different behavior, as is the case of the OP.
I guess. I was mostly thinking in the terms of anything that has connection things that look anything like the one in pgadmin for example - which will now suddenly need more than one dropdown box, for what really should be a simple setting. But I guess that can be considered an UI thing, and jus thave said application map a single dropdown to multiple options in the connection string. >> Maybe we should just update the docs and be done with it :-) > > That's another option, sure ... :-) I've applied a docs fix for this now. We can keep discussing how to make a more extensive fix in head :) -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers