Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Jacob Champion <jchampion@timescale.com>
Cc: thomas@habets.se, pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <bruce@momjian.us>, Andrew Dunstan <andrew@dunslane.net>
Date: 2022-12-02T05:26:31Z
Lists: pgsql-hackers
On Mon, Nov 07, 2022 at 05:04:14PM -0800, Jacob Champion wrote: > Done. sslrootcert=system now prevents you from explicitly setting a > weaker sslmode, to try to cement it as a Do What I Mean sort of > feature. If you need something weird then you can still jump through > the hoops by setting sslrootcert to a real file, same as today. > > The macOS/OpenSSL 3.0.0 failure is still unfixed. Err, could you look at that? I am switching the patch as waiting on author. -- Michael
Commits
-
ci: Remove OpenSSL 3.1 workaround for missing system CA
- c5e4ec293ea5 16.0 landed
-
Fix errormessage for missing system CA in OpenSSL 3.1
- 0b5d1fb36add 16.0 landed
-
Add MacPorts support to src/test/ldap tests.
- 9517e6e1dd60 11.20 landed
-
Allow to use system CA pool for certificate verification
- 8eda73146527 16.0 landed