Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Jacob Champion <jchampion@timescale.com>
From: Jacob Champion <jchampion@timescale.com>
To: thomas@habets.se
Cc: pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <bruce@momjian.us>, Andrew Dunstan <andrew@dunslane.net>
Date: 2022-11-01T17:55:49Z
Lists: pgsql-hackers
On Tue, Nov 1, 2022 at 10:03 AM Jacob Champion <jchampion@timescale.com> wrote: > I'm not familiar with "unregistered scheme" in this context and will > need to dig in. Unfortunately I can't reproduce with 3.0.0 on Ubuntu :( I'm suspicious that it may be related to [1], in which case the problem might be fixed by upgrading to the latest OpenSSL. But that's just a guess. --Jacob [1] https://github.com/openssl/openssl/issues/18691
Commits
-
ci: Remove OpenSSL 3.1 workaround for missing system CA
- c5e4ec293ea5 16.0 landed
-
Fix errormessage for missing system CA in OpenSSL 3.1
- 0b5d1fb36add 16.0 landed
-
Add MacPorts support to src/test/ldap tests.
- 9517e6e1dd60 11.20 landed
-
Allow to use system CA pool for certificate verification
- 8eda73146527 16.0 landed