Re: Question on SSL certificate expiry

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com>
Cc: Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Re: Question on SSL certificate expiry
Date: 2023-06-01 13:07:18
Message-ID: 3780.1685624838@sss.pgh.pa.us
Lists: pgsql-admin

Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com> writes:
> We were using MTLS to connect to the database. We noticed that even after
> server certificates expired the client was able to connect to the database.

> 1. Doesn't postgres check the expiry date of the certificate?

Postgres does not. The openssl library can. The most likely
guess, on the basis of the next-to-zero details you provided,
is that the connection is succeeding via some method that doesn't
require the client to check the server's certificate --- for
instance, a completely unencrypted connection.

regards, tom lane
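
Added example, not part of the original message: a small Python check of whether a libpq connection string makes the client validate the server certificate chain at all, which is the step where OpenSSL would reject an expired certificate. The function names, result labels, and sample connection strings are constructed for illustration.

```python
import os
import shlex
from urllib.parse import parse_qs, urlsplit


def parse_conninfo(conninfo):
    """Parse a libpq URI or keyword/value string into a dict of parameters.
    Simplification: spaces around '=' in keyword/value form are not handled,
    and PGSSLMODE-style environment variables and service files are ignored."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        return {k: v[-1] for k, v in parse_qs(urlsplit(conninfo).query).items()}
    return dict(tok.split("=", 1) for tok in shlex.split(conninfo) if "=" in tok)


def root_cert_on_disk(params):
    """True if the CA file libpq would load exists (POSIX default path)."""
    path = params.get("sslrootcert") or os.path.expanduser("~/.postgresql/root.crt")
    return os.path.isfile(path)


def server_cert_check(conninfo, root_cert_exists=None):
    """Classify the client side of a connection (labels are hypothetical):
    'verified'             - chain is validated, so an expired cert is rejected
    'encrypted-unverified' - TLS is used but the server cert is not validated
    'may-be-plaintext'     - the connection can succeed without TLS at all"""
    params = parse_conninfo(conninfo)
    if root_cert_exists is None:
        root_cert_exists = root_cert_on_disk(params)
    mode = params.get("sslmode", "prefer")  # libpq's default sslmode
    if mode in ("verify-ca", "verify-full"):
        return "verified"
    if mode == "require":
        # libpq treats require like verify-ca when a root CA file is present.
        return "verified" if root_cert_exists else "encrypted-unverified"
    if mode in ("disable", "allow", "prefer"):
        return "may-be-plaintext"
    raise ValueError(f"unknown sslmode: {mode!r}")


# Constructed sample connection strings (hosts and paths are placeholders).
SAMPLES = [
    "host=db.example.internal dbname=app user=app",
    "postgresql://app@db.example.internal/app?sslmode=require",
    "host=db.example.internal sslmode='verify-full' sslrootcert=/etc/ssl/pg/root.crt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{server_cert_check(s, root_cert_exists=False):22} {s}")
```

On a live session, the `ssl` column of the server's `pg_stat_ssl` view shows whether the connection is encrypted at all.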
