On Tue, 10 Jun 2003, Tom Lane wrote: > "Nigel J. Andrews" <[EMAIL PROTECTED]> writes: > > How do people feel about changing matching for host and hostssl to be such that > > a plain host line in pg_hba.conf does not allow a SSL connection but requires > > the hostssl specifier? > > Then there would be no way to have a host entry that allowed both --- > which, aside from being a loss of functionality, would doubtless break > existing setups.
Well, what I was thinking of would have allowed it, just using two entries, a host one and a hostssl one. > I'd hold still for a "hostnossl" keyword, I guess, but I don't entirely > see the use for it. Well Jon Jenson's posted something else on this which I should read when I've got my mind more in tune with it. > If your real gripe is that libpq insists on trying SSL connections > first, the server is the wrong end to be patching that problem at. > There should be a way to control libpq's allow_ssl_try state variable > from the outside. A quick read makes me think that's what Jon's post is on about. -- Nigel Andrews ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
