Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date
Msg-id cfdfabb2-0af0-7a91-9d47-1dfe3195c754@dunslane.net
Whole thread Raw
In response to Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert  (Greg Stark <stark@mit.edu>)
List pgsql-hackers

On 9/17/21 5:35 PM, Greg Stark wrote:
> Hm. Let's Encrypt's FAQ tells me I'm on the right track with that
> question but the distinctinos are far more coarse than I was worried
> about:
>
>
> Does Let’s Encrypt issue certificates for anything other than SSL/TLS
> for websites?
>
> Let’s Encrypt certificates are standard Domain Validation
> certificates, so you can use them for any server that uses a domain
> name, like web servers, mail servers, FTP servers, and many more.
>
> Email encryption and code signing require a different type of
> certificate that Let’s Encrypt does not issue.



Presumably this should be a certificate something like our client certs,
where the subject designates a user id or similar (e.g. an email
address) rather than a domain name.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com



pgsql-hackers by date:

Previous
From: Corey Huinker
Date:
Subject: Re: Undocumented AT TIME ZONE INTERVAL syntax
Next
From: "Jonathan S. Katz"
Date:
Subject: Re: Release 14 Schedule