Greg Stark <st...@mit.edu> writes: > Well what's required to "configure SSL" anyways? If you don't have > verify-ca set or a root canal cert present then the server just needs a > certificate -- any certificate. Can the server just cons one up on demand > (or server startup or initdb)?
Hmm, good old "snake oil certificate" approach. Yeah, we could probably have initdb create a cert all the time. I had memories of this taking an undue amount of time, but it seems pretty fast on a modern server. Also, we could offer a switch to turn it off if necessary, with the understanding that non-Unix-socket connections can be expected to fail if user doesn't install a cert. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers