Received: from localhost (maia-3.hub.org [200.46.204.184])
	by postgresql.org (Postfix) with ESMTP id 130539FB7F2
	for <pgsql-admin-postgresql.org@postgresql.org>;
	Fri, 23 Mar 2007 19:01:26 -0300 (ADT)
Received: from postgresql.org ([200.46.204.71])
	by localhost (mx1.hub.org [200.46.204.184]) (amavisd-new, port 10024)
	with ESMTP id 17255-03 for <pgsql-admin-postgresql.org@postgresql.org>;
	Fri, 23 Mar 2007 19:01:18 -0300 (ADT)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.4
Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130])
	by postgresql.org (Postfix) with ESMTP id 948EA9FB7EA
	for <pgsql-admin@postgresql.org>; Fri, 23 Mar 2007 19:01:21 -0300 (ADT)
Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1])
	by sss.pgh.pa.us (8.13.6/8.13.6) with ESMTP id l2NM1Hdo025533;
	Fri, 23 Mar 2007 18:01:17 -0400 (EDT)
To: Ray Stell <stellr@cns.vt.edu>
cc: pgsql-admin@postgresql.org
Subject: Re: no verification of client certificate? 
In-reply-to: <20070323181626.GA16092@cns.vt.edu> 
References: <20070323181626.GA16092@cns.vt.edu>
Comments: In-reply-to Ray Stell <stellr@cns.vt.edu>
	message dated "Fri, 23 Mar 2007 14:16:26 -0400"
Date: Fri, 23 Mar 2007 18:01:17 -0400
Message-ID: <25532.1174687277@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Archive-Number: 200703/176
X-Sequence-Number: 25000

Ray Stell <stellr@cns.vt.edu> writes:
> I was hoping to not have to support client certs.  I want
> encryption and to verify the server, but no to verify the client.
> Does this work and I've got the config wrong?

Maybe I misunderstand what you want --- doesn't leaving out the
server's root.crt file do that?

			regards, tom lane