diff options
| -rw-r--r-- | src/backend/libpq/hba.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index f25505feb38..2aaa898a6bf 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -28,6 +28,7 @@ #include "catalog/pg_collation.h" #include "libpq/ip.h" #include "libpq/libpq.h" +#include "postmaster/postmaster.h" #include "regex/regex.h" #include "replication/walsender.h" #include "storage/fd.h" @@ -832,8 +833,20 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline) if (token[4] == 's') /* "hostssl" */ { + /* SSL support must be actually active, else complain */ #ifdef USE_SSL - parsedline->conntype = ctHostSSL; + if (EnableSSL) + parsedline->conntype = ctHostSSL; + else + { + ereport(LOG, + (errcode(ERRCODE_CONFIG_FILE_ERROR), + errmsg("hostssl requires SSL to be turned on"), + errhint("Set ssl = on in postgresql.conf."), + errcontext("line %d of configuration file \"%s\"", + line_num, HbaFileName))); + return false; + } #else ereport(LOG, (errcode(ERRCODE_CONFIG_FILE_ERROR), |