| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Jacob Champion <jchampion(at)timescale(dot)com>, "Gregory Stark (as CFM)" <stark(dot)cfm(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, thomas(at)habets(dot)se, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Jelte Fennema <postgres(at)jeltef(dot)nl> |
| Subject: | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Date: | 2023-04-14 14:20:05 |
| Message-ID: | 04BE1899-A3FD-4F5D-BAEE-C5C7EAA2848C@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 14 Apr 2023, at 15:51, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> I mainly put save_errno back into SOCK_ERRNO for greppability, I don't have any
>> strong opinions either way so I went with the latter suggestion. Attached v3
>> does the above change and passes the tests both with a broken and working
>> system CA pool. Unless objections from those with failing local envs I propose
>> this is pushed to close the open item.
>
> One more question when looking at it with fresh eyes: should the argument
> of X509_verify_cert_error_string be "ecode" or "vcode"?
Good catch, it should be vcode.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2023-04-14 14:20:57 | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Previous Message | Greg Stark | 2023-04-14 14:05:08 | Re: Temporary tables versus wraparound... again |