Home > mailing lists

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date	September 7, 2021 19:48:27
Msg-id	3203331.1631033307@sss.pgh.pa.us Whole thread Raw
In response to	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Andrew Dunstan <andrew@dunslane.net>)
List	pgsql-hackers

Tree view

Andrew Dunstan <andrew@dunslane.net> writes:
> You don't have to copy anything to achieve what you want. Just set the
> sslrootcert parameter of your connection to point to the system file. e.g.

> psql "sslmode=verify-full sslrootcert=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ..."

While that does work for me, it seems pretty OS-specific and
user-unfriendly.  Why should ordinary users need to know that
much about their platform's OpenSSL installation?

            regards, tom lane

pgsql-hackers by date:

From: Amul Sul
Date: 07 September 2021, 19:32:32
Subject: Re: [Patch] ALTER SYSTEM READ ONLY

From: Andrew Dunstan
Date: 07 September 2021, 19:50:19
Subject: Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

Previous

Next