Hello Jacob,

> I'm not sure how helpful it is to assign "blame" here. I think the
> requested improvement is reasonable -- it should be possible to
> override the default for a particular connection, without having to
> pick a junk value that you hope doesn't match up with an actual file
> on the disk.

Right, I agree we can look for improvements. "blame" was likely not the best
word to express myself in that message.

> sslmode=disable isn't used in either of our proposals, though. Unless
> I'm missing what you mean?

Sorry about the noise, I misread the code snippet shared earlier
(sslmode x sslcertmode). I just took a closer read at the previously
mentioned patch about sslcertmode and it seems to be a somewhat more elegant
way of achieving something similar to what has been proposed here.

Best regards,
Israel.

On Wed, Jan 25, 2023 at 14:09, Jacob Champion <jchamp...@timescale.com> wrote:

> On Wed, Jan 25, 2023 at 7:47 AM Israel Barth Rubio
> <barthisr...@gmail.com> wrote:
> > I imagine more people might have already hit a similar situation too. While the
> > workaround can seem a bit weird, in my very humble opinion the user/client is
> > somehow still the one to blame in this case as it is providing the "wrong" file in
> > a path that is checked by libpq. With that in mind I would be inclined to say it is
> > an acceptable workaround.
>
> I'm not sure how helpful it is to assign "blame" here. I think the
> requested improvement is reasonable -- it should be possible to
> override the default for a particular connection, without having to
> pick a junk value that you hope doesn't match up with an actual file
> on the disk.
>
> > Although both patches achieve a similar goal regarding not sending the
> > client certificate there is still a slight but in my opinion important difference
> > between them: sslmode=disable will also disable channel encryption. It
> > may or may not be acceptable depending on how the connection is between
> > your client and the server.
>
> sslmode=disable isn't used in either of our proposals, though. Unless
> I'm missing what you mean?
>
> --Jacob