> On Fri, 25 Apr 2025 at 12:22, George MacKerron <[email protected]> wrote:
>> I know the documentation has now been changed to reflect that ‘system’
>> actually means OpenSSL.
>
> I didn't realize that. I'm definitely not in favor of that doc change.
> It's describing behaviour that I believe is incorrect, as if it's
> actually intended.

The change was described in Daniel’s message on 3 April. It’s actually a bit
subtler than I suggested. The diff is:

The special value <literal>system</literal> may be specified instead,
in
- which case the system's trusted CA roots will be loaded.
+ which case the trusted CA roots from the SSL implementation will be
loaded.
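
Review bot: the replacement wording on the `+` line ("the trusted CA roots from the SSL implementation") no longer explains why the value is spelled `system`, and it does not say whether those roots are the operating system's trust store. Suggest stating explicitly that the roots are whatever the SSL library trusts by default and that this is not necessarily the operating system's store, so that a reader choosing `system` is not misled by the name.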

I agree with you here: the change makes the docs more correct, but the
correctly-documented behaviour itself still seems incorrect to me.
I think a clue is that the word ‘system’ no longer appears in the updated
version of text explaining what sslrootcert=system does!