Hello all, I see a strange behaviour using root.crt. PostgreSQL always waits a client certificate to check agains root.crt. But I set up a 'hostnossl' auth line un pg_hba.conf, PostgreSQL still wants a client certificate. Also fails if line is a 'host'. Better with an example: ---pg_hba.conf--- hostssl all all 192.168.0.1/32 md5 hostnossl all all 192.168.0.2/32 md5 ----------------- If I connect to PostgresSQL from 192.168.0.1, it fails if I don't provide a client certificate, it is ok. But if I connect from 192.168.0.2, it also fails becouse I don't send a certificate. But I declared a non-ssl connection from 192.168.0.2, it should let me connect to databases, isn'it? Removing root.crt works as expected. Client in 192.168.0.1 connect using a SSL connection, and client in 192.168.0.2 connect using a single connection. It this behaviour ok? I think not. I want to allow clients on my LAN access PostgreSQL server without a SSL connection , and require a client certificate and a SSL connection to clients from outside my LAN. I think it is not a strange configuration. So the configuration is: ---pg_hba.conf--- hostnossl all all <my-lan-range> md5 hostssl <user> <db> 0.0.0.0/0 md5 ----------------- This fails, because PostgreSQL expect that all clients provide a client certificate. Is there any config option to solve this? Is there any page or manual about PostgreSQL with SSL (more in-deep that http://www.postgresql.org/docs/8.0/interactive/ssl-tcp.html) ? Oh, I'm using PostgreSQL 8.0.8 on a Gentoo box. Maybe I have to upgrade to another version? Thans you in advance.
