Re: what can go in root.crt ?
| От | Chapman Flack |
|---|---|
| Тема | Re: what can go in root.crt ? |
| Дата | |
| Msg-id | 5ED96A23.9000503@anastigmatix.net обсуждение исходный текст |
| Ответ на | Re: what can go in root.crt ? (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>) |
| Ответы |
Re: what can go in root.crt ?
|
| Список | pgsql-hackers |
On 06/04/20 17:31, Andrew Dunstan wrote: > Do we actually do any of this sort of thing? I confess my impression was > this is all handled by the openssl libraries, we just hand over the > certs and let openssl do its thing. Am I misinformed about that? I haven't delved very far into the code yet (my initial aim with this thread was not to pose a rhetorical question, but an ordinary one, and somebody would know the answer). By analogy to other SSL libraries I have worked with, my guess would be that there are certain settings and callbacks available that would determine some of what it is doing. In the javax.net.ssl package [1], for example, there are HostnameVerifier and TrustManager interfaces; client code can supply implementations of these that embody its desired policies. Regards, -Chap
В списке pgsql-hackers по дате отправления: