Re: Unfriendly handling of pg_hba SSL options with SSL off
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, pgsql-hackers@postgresql.org
Date: 2011-04-25T17:12:59Z
Lists: pgsql-hackers
On Mon, Apr 25, 2011 at 19:11, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Robert Haas <robertmhaas@gmail.com> writes: >> On Mon, Apr 25, 2011 at 12:52 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> I'm inclined to think that the correct fix is to make parse_hba_line, >>> where it first realizes the line is "hostssl", check not only that SSL >>> support is compiled but that it's turned on. > >> It's not clear to me what behavior you are proposing. Would we >> disregard the hostssl line or treat it as an error? > > Sorry, I wasn't clear. I meant to throw an error. We already do throw > an error if you put hostssl in pg_hba.conf when SSL support wasn't > compiled at all. Why shouldn't we throw an error if it's compiled but > not turned on? > > Or we could go in the direction of making hostssl lines be a silent > no-op in both cases, but that doesn't seem like especially user-friendly > design to me. We don't treat any other cases in pg_hba.conf comparably > AFAIR. We need to be very careful about ignoring *anything* in pg_hba.conf, since it's security configuration. Doing it silently is even worse.. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/