| From: | George MacKerron <george(at)mackerron(dot)co(dot)uk> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Making sslrootcert=system work on Windows psql |
| Date: | 2025-04-02 13:39:06 |
| Message-ID: | 9534947B-5E64-4941-AA4A-D5B16DA4577B@mackerron.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Daniel, Jacob: thanks. My feeling is that it would be a bit odd to prioritise the preservation of a secondary behaviour (users can customise what cert store is used via environment variables) over fixing the feature’s basic reason for existing (certificates will be validated against the system CA cert store), even in the name of backward-compatibility.
But happily, I don’t think we need to choose. Can’t we just use the Windows system store if neither of the relevant environment variables is set?
I’ve updated my patch to do that. It’s attached, and also still here: https://github.com/postgres/postgres/compare/master...jawj:postgres:jawj-sslrootcert-system-windows
| Attachment | Content-Type | Size |
|---|---|---|
| sslrootcert-system-win-2.diff | application/octet-stream | 1.0 KB |
| unknown_filename | text/plain | 1.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2025-04-02 13:48:46 | Re: Make query cancellation keys longer |
| Previous Message | Zhijie Hou (Fujitsu) | 2025-04-02 13:32:50 | RE: Fix slot synchronization with two_phase decoding enabled |