Postgres Pro
Downloads
Home   >   mailing lists

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date
Msg-id CAAWbhmiooyr5s9X_i9Zw5sO5Ba_GPJ9EvoAQvz7gabApZ6UKQg@mail.gmail.com
Whole thread Raw
In response to Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert  (thomas@habets.se)
Responses Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
List pgsql-hackers
Tree view 
On Tue, Nov 1, 2022 at 5:30 AM <thomas@habets.se> wrote:
> Sweet. I just created an account with username `habets`.

Added!

OpenSSL 3.0.0 doesn't get along with one of my new tests:

    # Failed test 'sslrootcert=system does not connect with private CA: matches'
    # at /Users/admin/pgsql/src/test/ssl/t/001_ssltests.pl line 453.
    # 'psql: error: connection to server at "127.0.0.1", port 56124
failed: SSL error: unregistered scheme'
    # doesn't match '(?^:SSL error: certificate verify failed)'
    # Looks like you failed 1 test of 191.

I'm not familiar with "unregistered scheme" in this context and will
need to dig in.

--Jacob

pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: Commit fest 2022-11
Next
From: Andres Freund
Date:
Subject: Re: heavily contended lwlocks with long wait queues scale badly