| From: | Christoph Berg <myon(at)debian(dot)org> |
|---|---|
| To: | George MacKerron <george(at)mackerron(dot)co(dot)uk> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Making sslrootcert=system work on Windows psql |
| Date: | 2025-04-03 13:28:12 |
| Message-ID: | Z-6M7Dx7s6IX_ipL@msg.df7cb.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Re: George MacKerron
> (3) Any other ideas?
I'm not a fan of "security by adding more connection parameters".
What are the chances of making "use the system/os default CA store"
the default? "sslmode=require" would then already actually "require" a
certificate if I'm reading the docs right. This would match user
expectation for POLA.
This default could then be pointed at the correct locations (plural)
on all operating systems. (sslrootcert=system:wincert:otherlocation?)
The "default default" would still be sslmode=prefer so it wouldn't
break today's normal case. Users of sslmode=require will understand
that supplying a CA certificate is no longer optional.
Perhaps add a sslmode=require-weak could be added as a workaround.
Christoph
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2025-04-03 13:32:49 | Re: Update LDAP Protocol in fe-connect.c to v3 |
| Previous Message | Jakub Wartak | 2025-04-03 13:12:38 | Re: Draft for basic NUMA observability |