On Thu, Jun 23, 2016 at 1:50 AM, Bruce Momjian <br...@momjian.us> wrote:
> On Thu, Jun 16, 2016 at 10:42:56AM +0200, Magnus Hagander wrote: > > However, if this is the expected behavior, the documentation > at https:// > > www.postgresql.org/docs/current/static/libpq-ssl.html should be > updated to > > make this more clear. It should be made clear that the existence of > the > > file ~/.postgresql/root.crt changes the behavior of sslmode=require > and > > sslmode=prefer. > > > > > > > > Agreed. It's basically backwards compatibility with something that was > badly > > documented in the first place :) That's not a particularly strong > argument for > > the way it is. Clarifying the documentation would definitely be a good > > improvement. > > Does this have to remain backward-compatible forever? > In general no. But I think the problem here is that if somebody misses the removal of something backwards compatible, it turns off their security. Which is not good... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/