Quick Links

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert

From:	Daniel Gustafsson <daniel(at)yesql(dot)se>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Jacob Champion <jchampion(at)timescale(dot)com>, "Gregory Stark (as CFM)" <stark(dot)cfm(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, thomas(at)habets(dot)se, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Jelte Fennema <postgres(at)jeltef(dot)nl>
Subject:	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date:	2023-04-14 14:20:57
Message-ID:	F8DD536B-28CA-42F4-92E6-5B70E39DB43F@yesql.se
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> On 14 Apr 2023, at 16:20, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
>> On 14 Apr 2023, at 15:51, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>
>> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>>> I mainly put save_errno back into SOCK_ERRNO for greppability, I don't have any
>>> strong opinions either way so I went with the latter suggestion. Attached v3
>>> does the above change and passes the tests both with a broken and working
>>> system CA pool. Unless objections from those with failing local envs I propose
>>> this is pushed to close the open item.
>>
>> One more question when looking at it with fresh eyes: should the argument
>> of X509_verify_cert_error_string be "ecode" or "vcode"?
>
> Good catch, it should be vcode.

And again with the attachment.

--
Daniel Gustafsson

Attachment	Content-Type	Size
libpq_system_ca_fix_v4.diff	application/octet-stream	1.5 KB

In response to

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert at 2023-04-14 14:20:05 from Daniel Gustafsson

Responses

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert at 2023-04-14 17:34:36 from Jacob Champion

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Fujii Masao	2023-04-14 14:28:11	Re: Issue in postgres_fdw causing unnecessary wait for cancel request reply
Previous Message	Daniel Gustafsson	2023-04-14 14:20:05	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert