| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: PG 7.3.1 with ssl on linux hangs (testcase available) |
| Date: | 2003-08-01 21:37:27 |
| Message-ID: | 13863.1059773847@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Andreas Pflug <pgadmin(at)pse-consulting(dot)de> writes:
> I pushed client_min_messages and log_min_messages to debug5, and the
> only suspicious message at startup is
> LOG: could not load root cert file "/usr/data/pgsql-7.4/root.crt": No
> such file or directory
> DETAIL: Will not verify client certificates.
> which shouldn't be a problem (pg_hba.conf is configured to trust).
That's expected if you don't provide a root.crt file. (I don't, and it
still works for me.)
> Any connect attempt will log
> DEBUG: forked new backend, pid=1826 socket=8
> DEBUG: proc_exit(0)
> DEBUG: shmem_exit(0)
> DEBUG: exit(0)
> DEBUG: reaping dead processes
> DEBUG: child process (pid 1826) exited with exit code 0
> with the client side message "server does not support SSL, but SSL was
> required". OpenSSL is 0.9.6g
Bizarre. I looked through the recent sslmode patch, and while I found
some things I didn't like, none of them explain this. Could you perhaps
get a trace of the server-to-client interaction? Either strace'ing psql
or watching the IP traffic with a packet sniffer should do --- but make
sure you get the full contents of each packet sent and received.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas Pflug | 2003-08-01 22:17:34 | Re: PG 7.3.1 with ssl on linux hangs (testcase available) |
| Previous Message | Stephen Frost | 2003-08-01 20:43:52 | pg_hba.conf changes |