Skip site navigation (1) Skip section navigation (2)

Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
Date: 2010-05-25 23:41:46
Message-ID: 4BFC603A.8050201@postnewspapers.com.au (view raw or flat)
Thread:
Lists: pgsql-bugs
On 26/05/10 07:37, Tom Lane wrote:
> Craig Ringer<craig(at)postnewspapers(dot)com(dot)au>  writes:
>> I do *not* have the CA cert concatenated onto server.crt. I'll have to
>> see if that works, because that's how it's usually done with OpenSSL.
>
> Hmm.  That case doesn't work for me; what does work is including the
> intermediate cert in the server's root.crt.

Sorry, that was my poor choice of words.

s/the CA cert/the full certificate chain/g

It is the intermediate certs that the client may not have that are the 
important ones. 'the CA' I was referring to was the _intermediate_ CA, 
eg the company sub-CA; I just needed to be (a lot) clearer about it.

--
Craig Ringer

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2010-05-26 00:13:15
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
Previous:From: Tom LaneDate: 2010-05-25 23:37:18
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group