| From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: what can go in root.crt ? |
| Date: | 2020-05-26 04:31:34 |
| Message-ID: | 5ECC9BA6.6000605@anastigmatix.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 05/26/20 00:07, Alvaro Herrera wrote:
>> If the libpq root.crt file can be made to work similarly to a
>> Java trustStore, that expands the possible solution space.
>
> If I understand you correctly, you want a file in which you drop any of
> these intermediate CA's cert in, causing the server to trust a cert
> emitted by that CA -- regardless of that CA being actually root.
Right: an intermediate cert, or a self-signed root cert, or even the
end-entity (leaf) cert for a specific machine. You name it, if I put
in in the trust store, and a connection verification starts with or leads
to a cert that I put there, success.
Regards,
-Chap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chapman Flack | 2020-05-26 04:35:06 | Re: what can go in root.crt ? |
| Previous Message | Isaac Morland | 2020-05-26 04:12:18 | Re: what can go in root.crt ? |