| From: | Brandon Craig Rhodes <brandon(at)oit(dot)gatech(dot)edu> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | using a .postgresql/root.crt |
| Date: | 2004-02-16 18:45:18 |
| Message-ID: | vw4qtq50e9.fsf@guinness.ts.gatech.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I now have SSL encryption working between psql and my PostgreSQL
server, but want to enable client verification of the server's SSL
certificate (and eventually vice-versa).
My problem is that when I copy my root.crt certificate into my
.postgresql directory, I am given the error:
psql: unrecognized SSL error code
which I find terribly uninformative. Adding the code
{
char buf[256];
ERR_error_string(SSL_get_error(conn->ssl, r),
buf);
printf("%s\n", buf);
}
around line 928 in fe-secure.c shows me:
error:00000004:lib(0):func(0):nested asn1 error
Has anyone else had problems getting certificate checking to work?
Feel free to suggest any commands with which I could explore with the
openssl command line tool whether my root certificate is really
legible and valid; the command
/usr/local/ssl/bin/openssl verify < root.crt
gives me the notice
error 18 at 0 depth lookup:self signed certificate
as one would expect, but nothing about not being able to parse the
certificate itself.
--
Brandon Craig Rhodes http://www.rhodesmill.org/brandon
Georgia Tech brandon(at)oit(dot)gatech(dot)edu
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Huxton | 2004-02-16 18:45:50 | Re: Inputting columns of data |
| Previous Message | Ben | 2004-02-16 18:43:18 | Re: making tsearch2 dictionaries |