Re: Making sslrootcert=system work on Windows psql
George MacKerron <george@mackerron.co.uk>
From: George MacKerron <george@mackerron.co.uk>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-04-02T13:39:06Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
doc: Clarify the system value for sslrootcert
- dda1b0603523 16.9 landed
- daa16893faa9 18.0 landed
- c88b36d382eb 17.5 landed
Attachments
- sslrootcert-system-win-2.diff (application/octet-stream) patch
- (unnamed) (text/plain)
Daniel, Jacob: thanks. My feeling is that it would be a bit odd to prioritise the preservation of a secondary behaviour (users can customise what cert store is used via environment variables) over fixing the feature’s basic reason for existing (certificates will be validated against the system CA cert store), even in the name of backward-compatibility. But happily, I don’t think we need to choose. Can’t we just use the Windows system store if neither of the relevant environment variables is set? I’ve updated my patch to do that. It’s attached, and also still here: https://github.com/postgres/postgres/compare/master...jawj:postgres:jawj-sslrootcert-system-windows