From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: PG 7.3.1 with ssl on linux hangs (testcase available) |
Date: | 2003-08-01 21:37:27 |
Message-ID: | 13863.1059773847@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Andreas Pflug <pgadmin(at)pse-consulting(dot)de> writes:
> I pushed client_min_messages and log_min_messages to debug5, and the
> only suspicious message at startup is
> LOG: could not load root cert file "/usr/data/pgsql-7.4/root.crt": No
> such file or directory
> DETAIL: Will not verify client certificates.
> which shouldn't be a problem (pg_hba.conf is configured to trust).
That's expected if you don't provide a root.crt file. (I don't, and it
still works for me.)
> Any connect attempt will log
> DEBUG: forked new backend, pid=1826 socket=8
> DEBUG: proc_exit(0)
> DEBUG: shmem_exit(0)
> DEBUG: exit(0)
> DEBUG: reaping dead processes
> DEBUG: child process (pid 1826) exited with exit code 0
> with the client side message "server does not support SSL, but SSL was
> required". OpenSSL is 0.9.6g
Bizarre. I looked through the recent sslmode patch, and while I found
some things I didn't like, none of them explain this. Could you perhaps
get a trace of the server-to-client interaction? Either strace'ing psql
or watching the IP traffic with a packet sniffer should do --- but make
sure you get the full contents of each packet sent and received.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Andreas Pflug | 2003-08-01 22:17:34 | Re: PG 7.3.1 with ssl on linux hangs (testcase available) |
Previous Message | Stephen Frost | 2003-08-01 20:43:52 | pg_hba.conf changes |