| From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Ants Aasma <ants(at)cybertec(dot)at>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: what can go in root.crt ? |
| Date: | 2020-06-04 22:09:31 |
| Message-ID: | 5ED9711B.4050009@anastigmatix.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 06/04/20 18:03, Tom Lane wrote:
> It's possible that we could force openssl to validate cases it doesn't
> accept now. Whether we *should* deviate from its standard behavior is
> a fairly debatable question though. I would not be inclined to do so
> unless we find that many other consumers of the library also do that.
> Overriding a library in its specific area of expertise seems like a
> good way to get your fingers burnt.
Sure. It seems sensible to me to start by documenting /what/ it is doing
now, and to what extent that should be called "its standard behavior"
versus "the way libpq is calling it", because even if nothing is to be
changed, there will be people who need to be able to find that information
to understand what will and won't work.
Regards,
-Chap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-06-04 22:14:26 | Re: what can go in root.crt ? |
| Previous Message | Tom Lane | 2020-06-04 22:03:47 | Re: what can go in root.crt ? |