Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Jacob Champion <jchampion(at)timescale(dot)com>
Cc: Jelte Fennema <postgres(at)jeltef(dot)nl>, Michael Paquier <michael(at)paquier(dot)xyz>, thomas(at)habets(dot)se, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>
Subject: Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Date: 2023-01-11 18:23:23
Message-ID: CABUevExo2+xFf0Fd=WgNrCEDi69MPefAyxb0dxeB5uJfS4Y2PQ@mail.gmail.com
Lists: pgsql-hackers

On Wed, Jan 11, 2023 at 6:27 PM Jacob Champion <jchampion(at)timescale(dot)com>
wrote:

> On Wed, Jan 11, 2023 at 6:37 AM Jelte Fennema <postgres(at)jeltef(dot)nl> wrote:
> >
> > LGTM. As far as I can tell this is ready for a committer.
>
> Thanks for the reviews!
>

Sorry to jump in (very) late in this game. So first, I like this general
approach :)

It feels icky to have to add configure tests just to make a test work. But
I guess there isn't really a way around that if we want to test the full
thing.

However, shouldn't we be using X509_get_default_cert_file_env() to get the
name of the env? Granted it's unlikely to be anything else, but if it's an
API you're supposed to use. (In an ideal world that function would not
return anything in LibreSSL but I think it does include something, and then
just ignores it?)

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
