On 9/22/21 2:36 PM, Jacob Champion wrote:
> On Sat, 2021-09-18 at 14:20 +0200, Cameron Murdoch wrote:
>> Having sslrootcert use the system trust store if
>> ~/.postgresql/root.crt doesn’t exist would seem like a good change.
> Fallback behavior can almost always be exploited given the right
> circumstances. IMO, if I've told psql to use a root cert, it really
> needs to do that and not trust anything else.
>
>> Changing sslmode to default to something else would most likely
>> break a ton of existing installations, and there are plenty of use
>> cases where ssl isn’t used. Trying ssl first and without afterwards
>> probably is still a sensible default. However…
> The discussion on changing the sslmode default behavior seems like it
> can be separated from the use of system certificates. Not to shut down
> that branch of the conversation, but is there enough tentative support
> for an "sslrootcert=system" option to move forward with that, while
> also discussing potential changes to the sslmode defaults?
>
> The NSS patchset [1] also deals with this problem. FWIW, it currently
> treats an empty ssldatabase setting as "use the system's (Mozilla's)
> trusted roots".
>
I think we need to be consistent on this. NSS builds and OpenSSL builds
should act the same, mutatis mutandis.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com