author Daniel Gustafsson <dgustafsson@postgresql.org> 2025-04-04 09:47:36 +0200
committer Daniel Gustafsson <dgustafsson@postgresql.org> 2025-04-04 09:47:36 +0200
commit daa16893faa96246d758eb2cc27e2f75c5308296
tree 814c9f3b1d0a946a0306eae69585ff5997bb3270
parent 898c131b58a0b62833e10f3556f993d0d385f941
doc: Clarify the system value for sslrootcert

The documentation for the special value "system" for sslrootcert could be misinterpreted to mean the default operating system CA store, which it may be, but it's defined to be the default CA store of the SSL lib used. Backpatch down to v16 where support for the system value was added.

Author: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: George MacKerron <george@mackerron.co.uk>
Discussion: https://postgr.es/m/B3CBBAA3-6EA3-4AB7-8619-4BBFAB93DDB4@yesql.se
Backpatch-through: 16

Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/libpq.sgml 2
-rw-r--r-- doc/src/sgml/runtime.sgml 3
2 files changed, 3 insertions, 2 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 5e3281ca2eb..37102c235b0 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2042,7 +2042,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</para>
<para>
The special value <literal>system</literal> may be specified instead, in
- which case the system's trusted CA roots will be loaded. The exact
+ which case the trusted CA roots from the SSL implementation will be loaded. The exact
locations of these root certificates differ by SSL implementation and
platform. For <productname>OpenSSL</productname> in particular, the
locations may be further modified by the <envar>SSL_CERT_DIR</envar>
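Review bot: The replacement wording on the + line ("the trusted CA roots from the SSL implementation will be loaded") never says how this set relates to the operating system's trust store, which is the misreading the commit message sets out to prevent, and the option is still spelled "system". Consider stating it outright, for example that this is the SSL library's default CA store, which may or may not be the operating system's, so that a reader who manages trust through the OS store knows to check where the SSL library actually looks. The + line is also much longer than the lines around it; re-wrapping the paragraph would keep the SGML source consistent.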
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 59f39e89924..3a6d308ae35 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1994,7 +1994,8 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
<literal>sslmode=verify-ca</literal> or
<literal>verify-full</literal> and have the appropriate root certificate
file installed (<xref linkend="libq-ssl-certificates"/>). Alternatively the
- system CA pool can be used using <literal>sslrootcert=system</literal>; in
+ <link linkend="libpq-connect-sslrootcert">system CA pool</link>, as defined
+ by the SSL implementation, can be used using <literal>sslrootcert=system</literal>; in
this case, <literal>sslmode=verify-full</literal> is forced for safety, since
it is generally trivial to obtain certificates which are signed by a public
CA.
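Review bot: The second + line carries over the "can be used using" repetition, and with the new parenthetical the sentence now reads "system CA pool, as defined by the SSL implementation, can be used using sslrootcert=system", which is awkward; "can be selected with" or "can be used by specifying" would read better. That line also runs well past the wrap width of its neighbours, so the paragraph should be re-wrapped. The added link to libpq-connect-sslrootcert is a good place to send readers for the definition, which makes it more important that the libpq.sgml wording it points to spells out the difference from the operating system store.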