Home > mailing lists

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date	December 2, 2022 08:26:31
Msg-id	Y4mMhy98kPlbQwdQ@paquier.xyz Whole thread Raw
In response to	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Jacob Champion <jchampion@timescale.com>)
Responses	Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert (Jacob Champion <jchampion@timescale.com>)
List	pgsql-hackers

Tree view

On Mon, Nov 07, 2022 at 05:04:14PM -0800, Jacob Champion wrote:
> Done. sslrootcert=system now prevents you from explicitly setting a
> weaker sslmode, to try to cement it as a Do What I Mean sort of
> feature. If you need something weird then you can still jump through
> the hoops by setting sslrootcert to a real file, same as today.
>
> The macOS/OpenSSL 3.0.0 failure is still unfixed.

Err, could you look at that?  I am switching the patch as waiting on
author.
--
Michael

Attachment

signature.asc

pgsql-hackers by date:

From: Michael Paquier
Date: 02 December 2022, 08:22:55
Subject: Re: Non-replayable WAL records through overflows and >MaxAllocSize lengths

From: Andres Freund
Date: 02 December 2022, 08:39:45
Subject: Re: Failed Assert in pgstat_assoc_relation

Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

Attachment

Previous

Next