Dominic Mitchell <[EMAIL PROTECTED]> writes:
> +   If verification of client certificates is required, place the
> +   certificates of the <acronym>CA</acronym> you wish to check for in
> +   the file <filename>root.crt</filename> in the data directory.  When
> +   present, a client certificate will be requested from the client
> +   making the connection and it must have been signed by one of the
> +   certificates present in <filename>root.crt</filename>.  If no
> +   certificate is presented, the connection will be allowed to proceed
> +   anway.

That last statement is not actually correct, is it?  AFAICS we do tell
SSL to enforce certificates if we find a valid root.crt file.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
      joining column's datatypes do not match

Reply via email to