Re: Making sslrootcert=system work on Windows psql
| От | Daniel Gustafsson |
|---|---|
| Тема | Re: Making sslrootcert=system work on Windows psql |
| Дата | |
| Msg-id | AA259633-BFF0-4C23-AEF6-E75EAC996BB2@yesql.se обсуждение исходный текст |
| Ответ на | Re: Making sslrootcert=system work on Windows psql (George MacKerron <george@mackerron.co.uk>) |
| Список | pgsql-hackers |
> On 25 Apr 2025, at 15:40, George MacKerron <george@mackerron.co.uk> wrote: > >> On 25 Apr 2025, at 13:53, Daniel Gustafsson <daniel@yesql.se> wrote: >>> >>>> (2) sslrootcert=system on Windows doesn’t do a thing that would be extremely useful in some common situations. Namely:connecting securely to servers that present a certificate signed by a public CA. >>> >>> Just to be clear, does (2) happens when the OpenSSL installation has a bogus >>> OPENSSLDIR value, or does it happen regardless? >> >> I would still like to get clarity on this, do you have any insights here? > > I can tell you what happens on my Windows 11 system with Postgres 17 via the EDB installer, which has a non-bogus OPENSSLDIR. Thanks for confirming. > OpenSSL appears to have been built with OPENSSLDIR="C:\Program Files\Common Files\SSL". > > This is a valid path, the directory exists, and it contains a few *.cnf files. I’m pretty sure the EDB installer created.. It did, CVE-2019-10211 has more details. > ..and populated this directory. The contents most likely come from building OpenSSL, by the sounds of it that's the stock OPENSSLDIR setup. -- Daniel Gustafsson
В списке pgsql-hackers по дате отправления: