| From: | Michael Fuhr <mike(at)fuhr(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "T(dot)J(dot) Ferraro" <tjtoocool(at)phreaker(dot)net>, pgsql-bugs(at)postgresql(dot)org, Magnus Hagander <mha(at)sollentuna(dot)net> |
| Subject: | Re: BUG #1321: SSL error: sslv3 alert handshake failure |
| Date: | 2004-11-16 20:41:56 |
| Message-ID: | 20041116204156.GA27507@winnie.fuhr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, Nov 16, 2004 at 03:33:49PM -0500, Tom Lane wrote:
> Michael Fuhr <mike(at)fuhr(dot)org> writes:
> > Sounds like a problem due to the backend in recent betas demanding
> > a client certificate if $PGDATA/root.crt exists, but the client
> > certificate doesn't exist in ~/.postgresql/postgresql.{crt,key}.
>
> If that is the problem, it's still broken because the error message
> is so unhelpful. (I'm quite certain I tested that case last time
> I touched the SSL code, and it said something reasonable then.)
I get the following error if I use an 8.0.0beta4 client to connect
to an 8.0.0beta4 server that has a root.crt, but the client certificate
doesn't exist in ~/.postgresql:
psql: SSL error: sslv3 alert handshake failure
The server logs the following:
LOG: could not accept SSL connection: 1
If the certificate exists but I use a 7.4.6 client, then the client
fails with the following:
psql: unrecognized SSL error code
The server logs this:
LOG: could not accept SSL connection: 5
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stefanos Harhalakis | 2004-11-16 20:43:08 | Re: Bogus error message about private key (not a bug). |
| Previous Message | Tom Lane | 2004-11-16 20:33:49 | Re: BUG #1321: SSL error: sslv3 alert handshake failure |