Re: Making sslrootcert=system work on Windows psql
George MacKerron <george@mackerron.co.uk>
From: George MacKerron <george@mackerron.co.uk>
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
Daniel Gustafsson <daniel@yesql.se>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-04-25T12:34:18Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
doc: Clarify the system value for sslrootcert
- dda1b0603523 16.9 landed
- daa16893faa9 18.0 landed
- c88b36d382eb 17.5 landed
> On Fri, 25 Apr 2025 at 12:22, George MacKerron <george@mackerron.co.uk> wrote:
>> I know the documentation has now been changed to reflect that ‘system’ actually means OpenSSL.
>
> I didn't realize that. I'm definitely not in favor of that doc change.
> It's describing behaviour that I believe is incorrect, as if it's
> actually intended.
The change was described in Daniel’s message on 3 April. It’s actually a bit subtler than I suggested. The diff is:
The special value <literal>system</literal> may be specified instead, in
- which case the system's trusted CA roots will be loaded.
+ which case the trusted CA roots from the SSL implementation will be loaded.
I agree with you here: the change makes the docs more correct, but the correctly-documented behaviour itself still seems incorrect to me.
I think a clue is that the word ‘system’ no longer appears in the updated version of text explaining what sslrootcert=system does!