Re: strange SSL msg [SOLVED]

From: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: strange SSL msg [SOLVED]
Date: 2011-05-31 11:15:49
Message-ID: 20110531131549.11144935@anubis.defcon1
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

On Mon, 30 May 2011 23:56:54 -0400, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> "Jean-Yves F. Barbier" <12ukwn(at)gmail(dot)com> writes:
> > On Mon, 30 May 2011 23:06:18 -0400, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >> It appears from the message that X509_STORE_load_locations is returning
> >> zero but not bothering to set up an OpenSSL error message. It's not
> >> entirely surprising that they might consider an empty file as an error,
>
> > No, it is pure missing:
> > I copied the client certificate id (generated in root.srl) into root.crl
> > and still nothing,
> > I also tested a copy of this file (instead a symlink) into
> > /var/lib/postgresql/9.0/main/,
> > and in /var/lib/postgresql/ (Debian postgres user home)
> > and also into /var/lib/postgresql/.postgresql/ !
>
> The file is supposed to be in $PGDATA. Random other locations will
> definitely *not* work.

$PGDATA is /var/lib/postgresql/9.0/main/ in Debian.

It is now working: I was naively thinking that root.crl should be feed
only with the certificate footprint (from root.srl, which is generated each
time I use the HOWTO client certificate generation script) but it was the
entire certificate that should be in (info grabbed on an ibm Pg paper but not
found into Pg's doc - I'm not very tough into openssl:(

Thanks Tom
JY
--
I may kid around about drugs, but really, I take them seriously.
-- Doctor Graper

In response to

Browse pgsql-novice by date

  From Date Subject
Next Message Jean-Yves F. Barbier 2011-05-31 13:18:42 indexes multicolumn
Previous Message Ognjen Blagojevic 2011-05-31 08:05:41 Re: CentOS 5.6