> On 25 Apr 2025, at 13:53, Daniel Gustafsson wrote:
>>
>>> (2) sslrootcert=system on Windows doesn’t do a thing that would be
>>> extremely useful in some common situations. Namely: connecting securely to
>>> servers that present a certificate signed by a public CA.
>>
>> Just to be clear, do
> On Fri, 25 Apr 2025 at 12:22, George MacKerron wrote:
>> I know the documentation has now been changed to reflect that ‘system’
>> actually means OpenSSL.
>
> I didn't realize that. I'm definitely not in favor of that doc change.
> It's describing be
> On Thu, 24 Apr 2025 at 23:52, Jelte Fennema-Nio wrote:
>
>> How about we add a *compile time*
>> option that allows the person that compiles libpq to choose which cert
>> store it should use if sslrootcert=system is provided. Something like
>> --system-cert-store=openssl and --system-cert-store
> On 24 Apr 2025, at 18:45, Jacob Champion wrote:
>
> On Wed, Apr 23, 2025 at 8:47 AM George MacKerron wrote:
>> I’d suggest two new special sslrootcert values:
>>
>> (1) sslrootcert=openssl
>>
>> This does exactly what sslrootcert=syste
> On Linux/*ix, there would be 3 things that are all the same.
>
> If the Windows Openssl store is that bad, wouldn't the smarter thing
> to do for PG19 to use winstore by default? The Openssl one would still
> be available when requested explicitly. This would avoid the
> proliferation of default
> On 3 Apr 2025, at 15:26, Daniel Gustafsson wrote:
>
>> I quite like sslrootcert=os: it’s snappy, and it implies that the Operating
>> System root certs are going to be used (which is what I would have liked
>> sslrootcert=system to mean). Some possible alternatives might be
>> sslrootcert=pu
ut I would
say that’s a much bigger backwards-incompatible change than the one I was
asking for. :)
--
George MacKerron
ation. On the other hand, it’s a
few lines of code that could enable a pretty big improvement in security for
many users’ Postgres connections much sooner.
(3) Any other ideas?
--
George MacKerron
> On 2 Apr 2025, at 14:39, George MacKerron wrote:
> But happily, I don’t think we need to choose. Can’t we just use the Windows
> system store if neither of the relevant environment variables is set?
Thinking about this a little more, I guess the remaining concern is about
people o
/postgres/postgres/compare/master...jawj:postgres:jawj-sslrootcert-system-windows
sslrootcert-system-win-2.diff
Description: Binary data
> On 2 Apr 2025, at 08:32, Daniel Gustafsson wrote:
>
>> On 1 Apr 2025, at 23:46, Jacob Champion wrote:
>> On Tue, Apr 1
I was very pleased to see the sslrootcert=system connection option added in
Postgres 16 (I even blogged about it:
https://neon.tech/blog/avoid-mitm-attacks-with-psql-postgres-16). But
sslrootcert=system has not been widely supported by psql installations, perhaps
because people compiling Postgr
Hi all. I have a library that helps with querying Postgres from TypeScript, and
a user just filed this issue:
https://github.com/jawj/zapatos/issues/74
The library uses the xmax method (ubiquitous on Stack Overflow) to detect
whether an upsert query resulted in an insert or an update. It seem