rootcertsystem.diff
application/octet-stream
Filename: rootcertsystem.diff
Type: application/octet-stream
Part: 0
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
| File | + | − |
|---|---|---|
| doc/src/sgml/libpq.sgml | 1 | 1 |
| doc/src/sgml/runtime.sgml | 1 | 1 |
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index b359fbff295..af5dbf8ee22 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2018,7 +2018,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</para>
<para>
The special value <literal>system</literal> may be specified instead, in
- which case the system's trusted CA roots will be loaded. The exact
+ which case the trusted CA roots from the SSL implementation will be loaded. The exact
locations of these root certificates differ by SSL implementation and
platform. For <productname>OpenSSL</productname> in particular, the
locations may be further modified by the <envar>SSL_CERT_DIR</envar>
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 59f39e89924..ec78092227a 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1994,7 +1994,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
<literal>sslmode=verify-ca</literal> or
<literal>verify-full</literal> and have the appropriate root certificate
file installed (<xref linkend="libq-ssl-certificates"/>). Alternatively the
- system CA pool can be used using <literal>sslrootcert=system</literal>; in
+ <link linkend="libpq-connect-sslrootcert">system CA pool</link>, as defined by the SSL implementation, can be used using <literal>sslrootcert=system</literal>; in
this case, <literal>sslmode=verify-full</literal> is forced for safety, since
it is generally trivial to obtain certificates which are signed by a public
CA.