Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Дата
Msg-id CABUevExo2+xFf0Fd=WgNrCEDi69MPefAyxb0dxeB5uJfS4Y2PQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert  (Jacob Champion <jchampion@timescale.com>)
Ответы Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert  (Jacob Champion <jchampion@timescale.com>)
Список pgsql-hackers
Дерево обсуждения
On Wed, Jan 11, 2023 at 6:27 PM Jacob Champion <jchampion@timescale.com> wrote:
On Wed, Jan 11, 2023 at 6:37 AM Jelte Fennema <postgres@jeltef.nl> wrote:
>
> LGTM. As far as I can tell this is ready for a committer.

Thanks for the reviews!

Sorry to jump in (very) late in this game. So first, I like this general approach :)

It feels icky to have to add configure tests just to make a test work. But I guess there isn't really a way around that if we want to test the full thing.

However, shouldn't we be using X509_get_default_cert_file_env() to get the name of the env? Granted it's  unlikely to be anything else, but if it's an API you're supposed to use. (In an ideal world that function would not return anything in LibreSSL but I think it does include something, and then just ignores it?)

--

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Justin Pryzby
Дата:
Сообщение: Re: Remove source code display from \df+?
Следующее
От: Isaac Morland
Дата:
Сообщение: Re: Remove source code display from \df+?