Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date
Msg-id 04BE1899-A3FD-4F5D-BAEE-C5C7EAA2848C@yesql.se
In response to Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert  (Daniel Gustafsson <daniel@yesql.se>)
List pgsql-hackers

> On 14 Apr 2023, at 15:51, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Daniel Gustafsson <daniel@yesql.se> writes:
>> I mainly put save_errno back into SOCK_ERRNO for greppability, I don't have any
>> strong opinions either way so I went with the latter suggestion.  Attached v3
>> does the above change and passes the tests both with a broken and working
>> system CA pool.  Unless objections from those with failing local envs I propose
>> this is pushed to close the open item.
>
> One more question when looking at it with fresh eyes: should the argument
> of X509_verify_cert_error_string be "ecode" or "vcode"?

Good catch, it should be vcode.

--
Daniel Gustafsson




