Skip site navigation (1) Skip section navigation (2)

Re: File format for SSL CRL file

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Greg Smith <greg(at)2ndquadrant(dot)com>
Cc: Pg Docs <pgsql-docs(at)postgresql(dot)org>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: File format for SSL CRL file
Date: 2012-07-03 02:44:00
Message-ID: 1341283155-sup-42@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-docspgsql-hackers
Excerpts from Greg Smith's message of lun jul 02 20:30:07 -0400 2012:
> A documentation comment came in recently about ssl-tcp.html not 
> specifying what format is expected for the CRL file.  Seems like 
> something that could be described better now that I look at it, so I'm 
> passing that along with just wording edits from me; this is from user 
> "oneironautics":
> 
> The root.crl needs to be in PEM (and not DER) format.  If a certificate 
> file exists but is the wrong type, you will be told it cannot find the 
> file when it exists, with this sort of error in the log:
> 
> LOG:  SSL certificate revocation list file "root.crl" not found, 
> skipping: no SSL error reported

HEAD is different in this area -- it dies with a FATAL instead of just
skipping it.

Also, the error message seems rather poor.  Maybe the code should call
X509_STORE_CTX_get_error() instead of SSLerrmessage (which calls
ERR_get_error; apparently not the right thing to do).

-- 
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

In response to

Responses

pgsql-docs by date

Next:From: Magnus HaganderDate: 2012-07-03 08:01:02
Subject: Re: File format for SSL CRL file
Previous:From: Greg SmithDate: 2012-07-03 00:30:07
Subject: File format for SSL CRL file

pgsql-hackers by date

Next:From: Robert HaasDate: 2012-07-03 02:49:10
Subject: huge tlb support
Previous:From: Tom LaneDate: 2012-07-03 00:55:56
Subject: Re: Patch: add conversion from pg_wchar to multibyte

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group