TLS verification to intermediate trust anchor with psql - Mailing list pgsql-bugs

From Miroslav Pankov
Subject TLS verification to intermediate trust anchor with psql
Msg-id CAE_nMfJZ71ByBujwbLB5-i423_64rP7kYaUbG9NtfD+rMA040A@mail.gmail.com
Responses Re: TLS verification to intermediate trust anchor with psql
List pgsql-bugs
Hi team.

I would like to raise that per RFC 5280 section 6.1, TLS verification could be established with a trust anchor which is an intermediate CA and not the root CA in the chain. However, working with psql CLI, sslmode=verify-ca or verify-full, I need to specify sslrootcert to a file containing the root CA.

I think the behavior is derived from libpq and openssl. However, I would like to raise it for a debate on the reasoning and would appreciate the PG team position on it.

NOTE: I am aware that OS-trust works with sslrootcert=system in PG 16+.

Regards.
Miroslav
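
The OpenSSL side of the behaviour described in this message can be reproduced with the `openssl` CLI alone. This is an added example, not part of the original post and not PostgreSQL code: it builds a constructed three-level PKI and checks a leaf against an intermediate used as the only trust anchor, with and without `-partial_chain` (the CLI form of `X509_V_FLAG_PARTIAL_CHAIN`). All certificate and file names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: Demo Root CA -> Demo Intermediate CA -> db.example.test
build_chain() (   # $1 = empty working directory; body runs in a subshell
  cd "$1" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
  newkey="-new -newkey rsa:2048 -nodes -config pki.cnf"
  sign="-req -days 2 -CAcreateserial -extfile pki.cnf"
  {
    # Self-signed root
    openssl req $newkey -x509 -days 2 -extensions ca \
      -subj "/CN=Demo Root CA" -keyout root.key -out root.pem &&
    # Intermediate CA, issued by the root (not self-signed)
    openssl req $newkey -subj "/CN=Demo Intermediate CA" \
      -keyout int.key -out int.csr &&
    openssl x509 $sign -extensions ca -in int.csr \
      -CA root.pem -CAkey root.key -out int.pem &&
    # Server leaf, issued by the intermediate
    openssl req $newkey -subj "/CN=db.example.test" \
      -keyout leaf.key -out leaf.csr &&
    openssl x509 $sign -extensions leaf -in leaf.csr \
      -CA int.pem -CAkey int.key -out leaf.pem
  } >/dev/null 2>&1
)

# verify_leaf TRUST_FILE LEAF [extra "openssl verify" options]
# Exit status 0 means the chain validated against TRUST_FILE.
verify_leaf() {
  trust=$1 leaf=$2; shift 2
  openssl verify "$@" -CAfile "$trust" "$leaf" >/dev/null 2>&1
}

check() { label=$1; shift
  if verify_leaf "$@"; then echo "$label: OK"; else echo "$label: FAIL"; fi; }

d=$(mktemp -d) && build_chain "$d" || exit 1
check "intermediate as sole anchor (default)" "$d/int.pem" "$d/leaf.pem"
check "intermediate as sole anchor (-partial_chain)" "$d/int.pem" "$d/leaf.pem" -partial_chain
check "root as anchor, intermediate untrusted" "$d/root.pem" "$d/leaf.pem" -untrusted "$d/int.pem"
```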