From: | "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com> |
---|---|
To: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: strange SSL msg [SOLVED] |
Date: | 2011-05-31 11:15:49 |
Message-ID: | 20110531131549.11144935@anubis.defcon1 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
On Mon, 30 May 2011 23:56:54 -0400, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Jean-Yves F. Barbier" <12ukwn(at)gmail(dot)com> writes:
> > On Mon, 30 May 2011 23:06:18 -0400, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >> It appears from the message that X509_STORE_load_locations is returning
> >> zero but not bothering to set up an OpenSSL error message. It's not
> >> entirely surprising that they might consider an empty file as an error,
>
> > No, it is pure missing:
> > I copied the client certificate id (generated in root.srl) into root.crl
> > and still nothing,
> > I also tested a copy of this file (instead a symlink) into
> > /var/lib/postgresql/9.0/main/,
> > and in /var/lib/postgresql/ (Debian postgres user home)
> > and also into /var/lib/postgresql/.postgresql/ !
>
> The file is supposed to be in $PGDATA. Random other locations will
> definitely *not* work.
$PGDATA is /var/lib/postgresql/9.0/main/ in Debian.
It is now working: I was naively thinking that root.crl should be feed
only with the certificate footprint (from root.srl, which is generated each
time I use the HOWTO client certificate generation script) but it was the
entire certificate that should be in (info grabbed on an ibm Pg paper but not
found into Pg's doc - I'm not very tough into openssl:(
Thanks Tom
JY
--
I may kid around about drugs, but really, I take them seriously.
-- Doctor Graper
From | Date | Subject | |
---|---|---|---|
Next Message | Jean-Yves F. Barbier | 2011-05-31 13:18:42 | indexes multicolumn |
Previous Message | Ognjen Blagojevic | 2011-05-31 08:05:41 | Re: CentOS 5.6 |