Usage of the system truststore for SSL certificate validation
| From | Thomas Berger |
|---|---|
| Subject | Usage of the system truststore for SSL certificate validation |
| Date | |
| Msg-id | 3267904.gQGN15cTPc@lxka-fl3lqq2 |
| Replies | Re: Usage of the system truststore for SSL certificate validation Re: Usage of the system truststore for SSL certificate validation |
| List | pgsql-hackers |

Hi,

currently, libpq does SSL certificate validation only against the defined `PGSSLROOTCERT` file.

Is there any specific reason why the system truststore (at least under unixoid systems) is not considered for the validation?

We would like to contribute a patch to allow certificate validation against the system truststore. Are there any opinions against it?

A little bit of background for this:

Internally we sign the certificates for our systems with our own CA. The CA root certificates and revocation lists are distributed via puppet and/or packages on all of our internal systems.

Validating the certificate against this CA requires either overriding the PGSSLROOTCERT location via the environment or providing a copy of the file for each user that connects with libpq or libpq-like connectors.

We would like to simplify this.

--
Thomas Berger

PostgreSQL DBA
Database Operations

1&1 Telecommunication SE | Ernst-Frey-Straße 10 | 76135 Karlsruhe | Germany