| From: | Thomas Habets <thomas(at)habets(dot)se> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Date: | 2021-09-06 15:42:07 |
| Message-ID: | CA+kHd+cJwCUxVb-Gj_0ptr3_KZPwi3+67vK6HnLFBK9MzuYrLA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
With Letsencrypt now protecting web servers left and right, and it makes
sense to me to just re-use the cert that the server may already have
installed.
I've tested this on debian with the client compiled from the master branch,
against a 13.3 server.
This is my first patch to postgresql, so I apologize for any process
errors. I tried to follow
https://wiki.postgresql.org/wiki/Submitting_a_Patch
Hope this list takes attachments.
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "thomas(at)habets(dot)se <thomas(at)habets(dot)pp(dot)se>" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Add-sslmode-verify-system-using-default-CAs.patch | text/x-patch | 13.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dilip Kumar | 2021-09-06 15:43:50 | Re: [BUG] Failed Assertion in ReorderBufferChangeMemoryUpdate() |
| Previous Message | Drouvot, Bertrand | 2021-09-06 15:24:23 | Re: [BUG] Failed Assertion in ReorderBufferChangeMemoryUpdate() |