On 05/26/20 00:07, Alvaro Herrera wrote:
>> If the libpq root.crt file can be made to work similarly to a
>> Java trustStore, that expands the possible solution space.
>
> If I understand you correctly, you want a file in which you drop any of
> these intermediate CA's cert in, causing the server to trust a cert
> emitted by that CA -- regardless of that CA being actually root.
Right: an intermediate cert, or a self-signed root cert, or even the
end-entity (leaf) cert for a specific machine. You name it, if I put
in in the trust store, and a connection verification starts with or leads
to a cert that I put there, success.
Regards,
-Chap