[pgpool-hackers: 3005] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
ishii at sraoss.co.jp
Tue Aug 28 09:53:17 JST 2018
One thing I forgot to mention:
>> BTW, do we need 'ssl_ca_cert_dir' ? PostgreSQL doesn't expose such an
>> option, so maybe NULL is better ? See their root_cert_dir code.
As far as I know, SSL_CTX_load_verify_locations(Pgpool-II uses this
function with ssl_ca_cert_dir) kindly tracks the certificate chain,
which PostgreSQL does not. So it seems ssl_ca_cert_dir is a good thing
and I think we need to keep it.
SRA OSS, Inc. Japan
More information about the pgpool-hackers