[pgpool-hackers: 3005] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II

Tatsuo Ishii ishii at sraoss.co.jp
Tue Aug 28 09:53:17 JST 2018

One thing I forgot to mention:

>> BTW, do we need 'ssl_ca_cert_dir' ? PostgreSQL doesn't expose such an
>> option, so maybe NULL is better ? See their root_cert_dir code.

As far as I know, SSL_CTX_load_verify_locations(Pgpool-II uses this
function with ssl_ca_cert_dir) kindly tracks the certificate chain,
which PostgreSQL does not. So it seems ssl_ca_cert_dir is a good thing
and I think we need to keep it.


Best regards,
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php

More information about the pgpool-hackers mailing list