Re: Is this a known feature of 8.1 SSL connection?

On Tue, Nov 2, 2010 at 11:25 AM, Ray Stell <stellr(at)cns(dot)vt(dot)edu> wrote:
> On Tue, Nov 02, 2010 at 09:03:59AM -0400, zhong ming wu wrote:
>> On Mon, Nov 1, 2010 at 5:06 PM, Ray Stell <stellr(at)cns(dot)vt(dot)edu> wrote:
>> >
>> > no, that does not make sense to me, however, I don't have an 8.x to
play
>> with.
>> >
>> > In 9.0.1,
>> > with hostnossl+md5
>> > ssl=on
>> > no ~/.postgresql on the client
>> >
>> > $ psql -p 5498 template1 postgres
>> > Password for user postgres:
>> > psql (9.0.1)
>> > Type "help" for help.
>> >
>> > template1=# \q
>> >
>> > what is the postmaster msg exactly?
>> >
>>
>> psql 8.1 Client on 32 bit. 8.1 Server on 64 bit. Both centos 5.4.
>>
>> Client message:
>> -----------------------
>> psql: could not open certificate file
>> "/some/path/.postgresql/postgresql.crt" no such file ro directory
>> ------------------
>> Server log:
>> ----------------------
>> Could not accept SSL connection: peer did not return a certificate.
>> -----------------------
>>
>> Now when a certificate was supplied the connection was made sucessfully
with
>> hostnossl
>>
>> And at the psql prompt, I do not get "ssl connection" details as expected
>> for hostnossl connection.
>>
>> The psql command used
>>
>> psql -h 192.168.56.101 -U testuser test
>
> well, that is really strange. I wish I could help you by looking at an 8.x
> install, but I don't have time right now. If we assume the code works the
> same way in in 8 and 9, which I think they probably do, then I'd have to
ask
> if you are sure you are looking at the right config. Maybe you have more
> than one test db? I'm sure you are not making that mistake.
>
>

Good question. First, it's not easy to get confused like this because server
logs lives in $PGDATA/pg_log/ and pg_hba.conf is in $PGDATA
That is the production system where I first experienced the error.

The errors I sent you above were generated on two freshly made virtualboxes
with prepackaged 8.1 that comes with centos.