Re: what can go in root.crt ? - Mailing list pgsql-hackers

From Chapman Flack
Subject Re: what can go in root.crt ?
Date
Msg-id 5ED91164.3070402@anastigmatix.net
Whole thread Raw
In response to Re: what can go in root.crt ?  (Laurenz Albe <laurenz.albe@cybertec.at>)
List pgsql-hackers
On 06/04/20 11:04, Laurenz Albe wrote:
> I was referring to the wish to *not* use a self-signed CA certificate,
> but an intermediate certificate as the ultimate authority, based on
> a distrust of the certification authority that your organization says
> you should trust.

Are you aware of any principled reason it should be impossible to
include an end-entity certificate in the trust store used by a client?

Are you aware of any principled reason it should be impossible to
include a certificate that has the CA:TRUE and Certificate Sign bits
in the trust store used by a client, whether it is its own signer
or has been signed by another CA?

Regards,
-Chap



pgsql-hackers by date:

Previous
From: Juan Fuentes
Date:
Subject: Re: Possible bug on Postgres 12 (CASE THEN evaluated prematurely) -Change of behaviour compared to 11, 10, 9
Next
From: Avinash Kumar
Date:
Subject: Re: Just for fun: Postgres 20?