On Thu, 24 Apr 2025 at 23:52, Jelte Fennema-Nio <postg...@jeltef.nl> wrote: > How about we add a *compile time* > option that allows the person that compiles libpq to choose which cert > store it should use if sslrootcert=system is provided. Something like > --system-cert-store=openssl and --system-cert-store=winstore flags for > ./configure.
@George So basically my suggestion is to make the behaviour that your patch introduces configurable at compile time. FWIW my vote would probably be to default to --system-cert-store=winstore if it's available. And then --system-cert-store=openssl would be a way out for people that took the effort to configure openssl correctly on Windows.