Home > mailing lists

Re: Making sslrootcert=system work on Windows psql - Mailing list pgsql-hackers

From	Jelte Fennema-Nio
Subject	Re: Making sslrootcert=system work on Windows psql
Date	April 25 01:19:15
Msg-id	CAGECzQR30c2kqwznhCSLKe8pX1Pdfiwsg0qXNgw1bypjpAt21g@mail.gmail.com Whole thread Raw
In response to	Re: Making sslrootcert=system work on Windows psql (Jelte Fennema-Nio <postgres@jeltef.nl>)
List	pgsql-hackers

Tree view

On Thu, 24 Apr 2025 at 23:52, Jelte Fennema-Nio <postgres@jeltef.nl> wrote:
> How about we add a *compile time*
> option that allows the person that compiles libpq to choose which cert
> store it should use if sslrootcert=system is provided. Something like
> --system-cert-store=openssl and --system-cert-store=winstore flags for
> ./configure.

@George So basically my suggestion is to make the behaviour that your
patch introduces configurable at compile time. FWIW my vote would
probably be to default to --system-cert-store=winstore if it's
available. And then --system-cert-store=openssl would be a way out for
people that took the effort to configure openssl correctly on Windows.

pgsql-hackers by date:

From: Jelte Fennema-Nio
Date: 25 April, 01:16:03
Subject: Re: sslmode=secure by default (Re: Making sslrootcert=system work on Windows psql)

From: "David E. Wheeler"
Date: 25 April, 01:27:37
Subject: Re: extension_control_path and "directory"

Re: Making sslrootcert=system work on Windows psql - Mailing list pgsql-hackers

Previous

Next