Quick Links

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Jacob Champion <jchampion(at)timescale(dot)com>
Cc:	thomas(at)habets(dot)se, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>
Subject:	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date:	2022-12-02 05:26:31
Message-ID:	Y4mMhy98kPlbQwdQ@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Mon, Nov 07, 2022 at 05:04:14PM -0800, Jacob Champion wrote:
> Done. sslrootcert=system now prevents you from explicitly setting a
> weaker sslmode, to try to cement it as a Do What I Mean sort of
> feature. If you need something weird then you can still jump through
> the hoops by setting sslrootcert to a real file, same as today.
>
> The macOS/OpenSSL 3.0.0 failure is still unfixed.

Err, could you look at that? I am switching the patch as waiting on
author.
--
Michael

In response to

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert at 2022-11-08 01:04:14 from Jacob Champion

Responses

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert at 2022-12-02 17:58:34 from Jacob Champion

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Andres Freund	2022-12-02 05:39:45	Re: Failed Assert in pgstat_assoc_relation
Previous Message	Michael Paquier	2022-12-02 05:22:55	Re: Non-replayable WAL records through overflows and >MaxAllocSize lengths