Home > mailing lists

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date	April 14, 2023 16:51:19
Msg-id	1511842.1681480279@sss.pgh.pa.us Whole thread Raw
In response to	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Daniel Gustafsson <daniel@yesql.se>)
Responses	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Daniel Gustafsson <daniel@yesql.se>)
List	pgsql-hackers

Tree view

Daniel Gustafsson <daniel@yesql.se> writes:
> I mainly put save_errno back into SOCK_ERRNO for greppability, I don't have any
> strong opinions either way so I went with the latter suggestion.  Attached v3
> does the above change and passes the tests both with a broken and working
> system CA pool.  Unless objections from those with failing local envs I propose
> this is pushed to close the open item.

One more question when looking at it with fresh eyes: should the argument
of X509_verify_cert_error_string be "ecode" or "vcode"?

            regards, tom lane

pgsql-hackers by date:

From: "Jonathan S. Katz"
Date: 14 April 2023, 16:46:59
Subject: Re: Should we remove vacuum_defer_cleanup_age?

From: Greg Stark
Date: 14 April 2023, 17:05:08
Subject: Re: Temporary tables versus wraparound... again

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

Previous

Next