From: | Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com> |
---|---|
To: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
Cc: | Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Question on SSL certificate expiry |
Date: | 2023-06-09 05:03:10 |
Message-ID: | CAFpL5VwBmBEx21EtDAbSAkEPUsdM7TF6GPkc+JrTELs1xQ0rzQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
I see it is working now but it takes a little bit of time.
Thanks Jeff, Tom!
On Mon, Jun 5, 2023 at 9:47 AM Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com> wrote:
> What is your OS and version, your version of PostgreSQL (client, if not
>> the same installation as the server), your version of SSL support, and how
>> did you install the client?
>
> Database is running on Postgres v13.9 and hosted on RHEL8 . Client is
> MacOS with psql version 14.
>
> Openssl on MacOS
>
> openssl version - LibreSSL 3.3.6
>
> Thanks,
> Nikhil
>
> On Sun, Jun 4, 2023 at 8:59 PM Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
>
>> On Sun, Jun 4, 2023 at 8:38 AM Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com>
>> wrote:
>>
>>> Hi Jeff
>>>
>>> I am not getting this error when I tried using psql
>>>
>>
>> What is your OS and version, your version of PostgreSQL (client, if not
>> the same installation as the server), your version of SSL support, and how
>> did you install the client?
>>
>>
>>>
>>>
>>> I think PostgreSQL doesn't check it, but the ssl library does
>>>
>>>
>>> Do you mean the psql client(libpq) will not be able to check?
>>>
>>
>> It means the code which does the checking is not in the PostgreSQL source
>> code, but rather in your ssl library, presumably openssl.
>>
>>
>>>
>>> It is weird that that message ends up in the server's log file, as it is
>>>> the client which is doing the rejecting, not the server. So you would
>>>> think the client would get the details and the server would get the vague
>>>> conclusion. But it is certainly not the only ssl error reporting oddity
>>>> I've seen.
>>>
>>>
>>> Are you saying the client will be able to login but the error will be
>>> reported only in the server log?
>>>
>>
>> No, the client fails with the vague 'psql: error: connection to server at
>> "192.168.0.14", port 5432 failed: SSL error: certificate verify failed'.
>> The server log is where the more detailed reason for the failure goes.
>>
>> Cheers,
>>
>> Jeff
>>
>>>
From | Date | Subject | |
---|---|---|---|
Next Message | Dennis | 2023-06-09 14:01:17 | How to read wal files in postgresql 15? |
Previous Message | M Sarwar | 2023-06-08 17:44:12 | RE: Obtaining the size of temp tables in current sesion |