Re: Question on SSL certificate expiry

From: Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com>
To: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
Cc: Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Re: Question on SSL certificate expiry
Date: 2023-06-05 04:17:32
Message-ID: CAFpL5VxY+5oKTQxr0y2snY0fbUvFT129E=yQQgWRF_fsMn=Oow@mail.gmail.com
Lists: pgsql-admin

>
> What is your OS and version, your version of PostgreSQL (client, if not
> the same installation as the server), your version of SSL support, and how
> did you install the client?

Database is running on Postgres v13.9 and hosted on RHEL8. Client is MacOS
with psql version 14.

Openssl on MacOS

openssl version - LibreSSL 3.3.6

Thanks,
Nikhil

On Sun, Jun 4, 2023 at 8:59 PM Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:

> On Sun, Jun 4, 2023 at 8:38 AM Nikhil Shetty <nikhil(dot)dba04(at)gmail(dot)com>
> wrote:
>
>> Hi Jeff
>>
>> I am not getting this error when I tried using psql
>>
>
> What is your OS and version, your version of PostgreSQL (client, if not
> the same installation as the server), your version of SSL support, and how
> did you install the client?
>
>
>>
>>
>> I think PostgreSQL doesn't check it, but the ssl library does
>>
>>
>> Do you mean the psql client(libpq) will not be able to check?
>>
>
> It means the code which does the checking is not in the PostgreSQL source
> code, but rather in your ssl library, presumably openssl.
>
>
>>
>>> It is weird that that message ends up in the server's log file, as it is
>>> the client which is doing the rejecting, not the server. So you would
>>> think the client would get the details and the server would get the vague
>>> conclusion. But it is certainly not the only ssl error reporting oddity
>>> I've seen.
>>
>>
>> Are you saying the client will be able to login but the error will be
>> reported only in the server log?
>>
>
> No, the client fails with the vague 'psql: error: connection to server at
> "192.168.0.14", port 5432 failed: SSL error: certificate verify failed'.
> The server log is where the more detailed reason for the failure goes.
>
> Cheers,
>
> Jeff
>
>>
