From: | "Sahagian, David" <david(dot)sahagian(at)emc(dot)com> |
---|---|
To: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | cannot load server.crt |
Date: | 2012-12-19 19:23:08 |
Message-ID: | F3CBFBA88397EA498B22A05FFA9EC49DE706CB6B@MX22A.corp.emc.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
9.1.3 on Linux . . .
We use our own CA implementation inside Java to generate a PEM-encoded certificate chain (server.crt) and key (server.key).
The certificates are, as they should be, base-64 encoded and surrounded by the appropriate delimiters such as
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
They are also line-wrapped at 77 characters.
But the line wrapping code can cause an extra newline char following the final base-64 encoded character of the cert or key, and before the -----END CERTIFICATE----- delimiter.
When this happens, Postgres rejects the certificate.
-----BEGIN CERTIFICATE-----
blahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblah
. . .
blahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblah
-----END CERTIFICATE-----
Although these formats are imprecisely defined, we think Postgres should accept such a certificate since both Java keytool and Windows certificate management accept the certificate as valid.
Is this a bug in OpenSSL and/or Postgres ?
-dvs-
From | Date | Subject | |
---|---|---|---|
Next Message | John R Pierce | 2012-12-19 19:28:35 | Re: Join several tables (to fetch user info), but one of them is optional (user avatar) |
Previous Message | Adrian Klaver | 2012-12-19 16:52:07 | Re: How to startup the database server? |