| From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | George MacKerron <george(at)mackerron(dot)co(dot)uk> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Making sslrootcert=system work on Windows psql |
| Date: | 2025-04-24 22:19:15 |
| Message-ID: | CAGECzQR30c2kqwznhCSLKe8pX1Pdfiwsg0qXNgw1bypjpAt21g@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 24 Apr 2025 at 23:52, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
> How about we add a *compile time*
> option that allows the person that compiles libpq to choose which cert
> store it should use if sslrootcert=system is provided. Something like
> --system-cert-store=openssl and --system-cert-store=winstore flags for
> ./configure.
@George So basically my suggestion is to make the behaviour that your
patch introduces configurable at compile time. FWIW my vote would
probably be to default to --system-cert-store=winstore if it's
available. And then --system-cert-store=openssl would be a way out for
people that took the effort to configure openssl correctly on Windows.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David E. Wheeler | 2025-04-24 22:27:37 | Re: extension_control_path and "directory" |
| Previous Message | Jelte Fennema-Nio | 2025-04-24 22:16:03 | Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql) |