Home > mailing lists

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date	September 6, 2021 22:47:37
Msg-id	3114921.1630957657@sss.pgh.pa.us Whole thread Raw
In response to	[PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Thomas Habets <thomas@habets.se>)
Responses	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (thomas@habets.se)
List	pgsql-hackers

Tree view

Thomas Habets <thomas@habets.se> writes:
> With Letsencrypt now protecting web servers left and right, and it makes
> sense to me to just re-use the cert that the server may already have
> installed.

I'm confused by your description of this patch.  AFAIK, OpenSSL verifies
against the system-wide CA pool by default.  Why do we need to do
anything?

            regards, tom lane

pgsql-hackers by date:

From: Justin Pryzby
Date: 06 September 2021, 22:37:31
Subject: Re: Correct handling of blank/commented lines in PSQL interactive-mode history

From: Paul A Jungwirth
Date: 06 September 2021, 22:52:37
Subject: Re: SQL:2011 application time

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

Previous

Next