Magnus Hagander <mag...@hagander.net> writes: > On Thu, Jul 14, 2016 at 11:27 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> Also, we could offer a switch to turn it off if necessary, with the >> understanding that non-Unix-socket connections can be expected to fail >> if user doesn't install a cert.
> If we do it we should also ensure it's not enabled on localhost by default. If we could make sure that both Unix-socket and localhost connections do not do SSL by default, that would make it possible to skip cert generation in "make check" and buildfarm scenarios, which would be awfully nice for slower buildfarm critters. I'm not sure though whether libpq should be given that sort of hardwired knowledge about "localhost". regards, tom lane -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers