> On 22 Sep 2021, at 20:59, Andrew Dunstan <andrew@dunslane.net> wrote:
> I think we need to be consistent on this. NSS builds and OpenSSL builds
> should act the same, mutatis mutandis.
I 100% agree. Different TLS backends should be able to use different truststores
etc but once the server is running they must be identical in terms of how they
interact with a connecting client. I've tried hard to match our OpenSSL
implementation when hacking on the NSS support, but no doubt I've slipped up
somewhere so in-depth reviews like what Jacob et al. have done are needed (and
very welcome).
--
Daniel Gustafsson https://vmware.com/