[EMAIL PROTECTED] (Dominic Mitchell) writes:On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote:Am Dienstag, 21. September 2004 09:24 schrieb Dominic Mitchell:In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. This means that a client can present no certificate and still get access to the server.
The code is all there to do so, pretty much. What it's missing is a few toggles to make it say "I want to enforce this to happen".
This is intentional. See past discussions.
Ok, I'll go and review them and stick to documentation patches. I hope I can avoid other people being surprised in the manner I was.
Thanks, -Dom
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
