| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Sahagian, David" <david(dot)sahagian(at)emc(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: cannot load server.crt |
| Date: | 2012-12-20 00:03:58 |
| Message-ID: | 25349.1355961838@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Sahagian, David" <david(dot)sahagian(at)emc(dot)com> writes:
> We use our own CA implementation inside Java to generate a PEM-encoded certificate chain (server.crt) and key (server.key).
> The certificates are, as they should be, base-64 encoded and surrounded by the appropriate delimiters such as
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> They are also line-wrapped at 77 characters.
> But the line wrapping code can cause an extra newline char following the final base-64 encoded character of the cert or key, and before the -----END CERTIFICATE----- delimiter.
> When this happens, Postgres rejects the certificate.
That would be OpenSSL rejecting the cert; Postgres never touches such
files directly. I don't know whether there's an official spec about
the contents of cert files, but you'd have to take it up with the
OpenSSL folk if you want to lobby for a change in this behavior.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2012-12-20 00:12:03 | Re: pg_xlog is getting bigger |
| Previous Message | Adrian Klaver | 2012-12-20 00:02:50 | Re: pg_xlog is getting bigger |