| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Direct SSL connection with ALPN and HBA rules |
| Date: | 2024-05-14 17:14:38 |
| Message-ID: | CAOYmi+kuXZTA-_RR_HocVia38dt0O1T3K7quUuVV+mbFD0jw9w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Apr 29, 2024 at 11:04 AM Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
> On Fri, Apr 26, 2024 at 3:51 PM Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> > Unfortunately the error message you got in the client with that was
> > horrible (I modified the server to not accept the 'postgresql' protocol):
> >
> > psql "dbname=postgres sslmode=require host=localhost"
> > psql: error: connection to server at "localhost" (::1), port 5432
> > failed: SSL error: SSL error code 167773280
>
> <long sigh>
>
> I filed a bug upstream [1].
I think this is on track to be fixed in a future set of OpenSSL 3.x
releases [2]. We'll still need to carry the workaround while we
support 1.1.1.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2024-05-14 17:33:21 | Re: An improved README experience for PostgreSQL |
| Previous Message | Robert Haas | 2024-05-14 17:07:40 | Re: A wrong comment about search_indexed_tlist_for_var |