Home > mailing lists

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From	Greg Stark
Subject	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date	April 13, 2023 04:34:09
Msg-id	CAM-w4HM8twdcguQKbhvhJR-tRWFkhC05Ga4fWp+c8tWrxZKHPQ@mail.gmail.com Whole thread Raw
In response to	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Daniel Gustafsson <daniel@yesql.se>)
List	pgsql-hackers

Tree view

On Wed, Apr 12, 2023, 19:30 Daniel Gustafsson <daniel@yesql.se> wrote:
>
>  The issue we have is that we cannot get PGconn in
> verify_cb so logging an error is tricky.


Hm, the man page talks about a "ex_data mechanism" which seems to be
referring to this Rube Goldberg device
https://www.openssl.org/docs/man3.1/man3/SSL_get_ex_data.html

It looks like X509_STORE_CTX_set_app_data() and
X509_STORE_CTX_get_app_data() would be convenience macros to do this.

pgsql-hackers by date:

From: Kyotaro Horiguchi
Date: 13 April 2023, 04:29:38
Subject: Re: Bufmgr possible overflow

From: Kyotaro Horiguchi
Date: 13 April 2023, 05:00:31
Subject: Re: Issue in postgres_fdw causing unnecessary wait for cancel request reply

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

Previous

Next