Hi Jacob,

> I think the sslcertmode=disable option that I introduced in [1] solves this issue too;

Well, I see there is indeed a significant overlap between our patches -
but yours has a much more comprehensive approach! If I got it right,
the new sslcertmode=disable would indeed cancel the existing certs in
'~/.postgresql/' in case they exist. Right?

+    if (conn->sslcertmode[0] == 'd') /* disable */
+    {
+        /* don't send a client cert even if we have one */
+        have_cert = false;
+    }
+    else if (fnbuf[0] == '\0')
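
Review bot: the test conn->sslcertmode[0] == 'd' matches on the first character only and dereferences sslcertmode without a NULL check, so it is correct only if the option has already been defaulted and validated against its allowed values before this point. If that is not guaranteed on every path that reaches this code, compare the full string (strcmp(conn->sslcertmode, "disable") == 0) or add the validation, and state that guarantee in the comment next to "/* disable */".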

My idea was rather to use the existing sslmode with a new option
"no-clientcert" that actually does the same:

    /* sslmode no-clientcert */
    if (conn->sslmode[0] == 'n')
    {
        fnbuf[0] = '\0';
    }

    ...

    if (fnbuf[0] == '\0')
    {
        /* no home directory, proceed without a client cert */
        have_cert = false;
    }

I wish I had found your patchset some months ago. Now I hate myself
for the duplication of efforts :D

What is the status of your patchset?

Cheers
Jim


