Re: Question on SSL certificate expiry

From: Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com>
To: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
Cc: Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Re: Question on SSL certificate expiry
Date: 2023-06-09 05:03:10
Message-ID: CAFpL5VwBmBEx21EtDAbSAkEPUsdM7TF6GPkc+JrTELs1xQ0rzQ@mail.gmail.com
Lists: pgsql-admin

I see it is working now but it takes a little bit of time.

Thanks Jeff, Tom!

On Mon, Jun 5, 2023 at 9:47 AM Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com> wrote:

>> What is your OS and version, your version of PostgreSQL (client, if not
>> the same installation as the server), your version of SSL support, and how
>> did you install the client?
>
> Database is running on Postgres v13.9 and hosted on RHEL8. Client is
> MacOS with psql version 14.
>
> Openssl on MacOS
>
> openssl version - LibreSSL 3.3.6
>
> Thanks,
> Nikhil
>
> On Sun, Jun 4, 2023 at 8:59 PM Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
>
>> On Sun, Jun 4, 2023 at 8:38 AM Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com>
>> wrote:
>>
>>> Hi Jeff
>>>
>>> I am not getting this error when I tried using psql
>>>
>>
>> What is your OS and version, your version of PostgreSQL (client, if not
>> the same installation as the server), your version of SSL support, and how
>> did you install the client?
>>
>>
>>>
>>>
>>>> I think PostgreSQL doesn't check it, but the ssl library does
>>>
>>>
>>> Do you mean the psql client(libpq) will not be able to check?
>>>
>>
>> It means the code which does the checking is not in the PostgreSQL source
>> code, but rather in your ssl library, presumably openssl.
>>
>>
>>>
>>>> It is weird that that message ends up in the server's log file, as it is
>>>> the client which is doing the rejecting, not the server. So you would
>>>> think the client would get the details and the server would get the vague
>>>> conclusion. But it is certainly not the only ssl error reporting oddity
>>>> I've seen.
>>>
>>>
>>> Are you saying the client will be able to login but the error will be
>>> reported only in the server log?
>>>
>>
>> No, the client fails with the vague 'psql: error: connection to server at
>> "192.168.0.14", port 5432 failed: SSL error: certificate verify failed'.
>> The server log is where the more detailed reason for the failure goes.
>>
>> Cheers,
>>
>> Jeff
>>
>>>
