| From: | George MacKerron <george(at)mackerron(dot)co(dot)uk> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Making sslrootcert=system work on Windows psql |
| Date: | 2025-04-25 12:34:18 |
| Message-ID: | 6879E9A3-E71A-4E7E-BAC6-2B91F29C11AE@mackerron.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Fri, 25 Apr 2025 at 12:22, George MacKerron <george(at)mackerron(dot)co(dot)uk> wrote:
>> I know the documentation has now been changed to reflect that ‘system’ actually means OpenSSL.
>
> I didn't realize that. I'm definitely not in favor of that doc change.
> It's describing behaviour that I believe is incorrect, as if it's
> actually intended.
The change was described in Daniel’s message on 3 April. It’s actually a bit subtler than I suggested. The diff is:
The special value <literal>system</literal> may be specified instead, in
- which case the system's trusted CA roots will be loaded.
+ which case the trusted CA roots from the SSL implementation will be loaded.
I agree with you here: the change makes the docs more correct, but the correctly-documented behaviour itself still seems incorrect to me.
I think a clue is that the word ‘system’ no longer appears in the updated version of text explaining what sslrootcert=system does!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sutou Kouhei | 2025-04-25 12:45:34 | Re: Make COPY format extendable: Extract COPY TO format implementations |
| Previous Message | Nisha Moond | 2025-04-25 12:23:38 | Re: Fix slot synchronization with two_phase decoding enabled |