Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Thomas Habets <thomas(at)habets(dot)se>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date: 2021-09-06 19:47:37
Message-ID: 3114921.1630957657@sss.pgh.pa.us
Lists: pgsql-hackers

Thomas Habets <thomas(at)habets(dot)se> writes:
> With Let's Encrypt now protecting web servers left and right, it makes
> sense to me to just re-use the cert that the server may already have
> installed.

I'm confused by your description of this patch. AFAIK, OpenSSL verifies
against the system-wide CA pool by default. Why do we need to do
anything?

regards, tom lane
