From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com> |
Cc: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: strange SSL msg |
Date: | 2011-05-31 03:06:18 |
Message-ID: | 15873.1306811178@sss.pgh.pa.us |
Lists: | pgsql-novice |
"Jean-Yves F. Barbier" <12ukwn(at)gmail(dot)com> writes:
> I followed the http://www.howtoforge.com/postgresql-ssl-certificates HOWTO
> and succeeded to install SSL certificates (although pg_hba.conf line should
> be: hostssl mydb myuser 0.0.0.0/0 cert (and not trust).)
> As I didn't already test revocation, I made a: touch root.crl but at svr
> start I've got these 2 log lines:
> SSL certificate revocation list file "root.crl" not found, \
> skipping: no SSL error reported
> Certificates will not be checked against revocation list.
> Is this behavior normal or not?

Hmmm ... I don't see that here, on a Fedora 13 machine (openssl-1.0.0d).
It appears from the message that X509_STORE_load_locations is returning
zero but not bothering to set up an OpenSSL error message. It's not
entirely surprising that they might consider an empty file as an error,
perhaps; but I'm thinking this might be a bug that's fixed in newer
OpenSSL releases.

regards, tom lane
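
Added example, not part of the original message or of PostgreSQL's code: a pre-flight check for the situation in the thread, where `touch root.crl` leaves an empty file and the server then starts without revocation checking. The function names and sample files are assumptions constructed for illustration; the PEM check is structural only and does not verify the CRL's signature or issuer.

```python
import base64, os, re, ssl, tempfile

PEM_CRL = re.compile(r"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", re.S)

def classify_crl_file(path):
    """Return 'missing', 'empty', 'no-crl-block' or 'has-crl-block'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) == 0:
        return "empty"  # what `touch root.crl` leaves behind
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    for body in PEM_CRL.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error: body is not valid base64
            continue
        if der[:1] == b"\x30":  # DER SEQUENCE tag; structure only
            return "has-crl-block"
    return "no-crl-block"

def openssl_loads(path):
    """True if OpenSSL, driven through Python's ssl module, loads the file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
        return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

def demo():
    """Run both checks over constructed sample files in a temp directory."""
    samples = {
        "root.crl": "",  # constructed: empty file, as in the thread
        "notes.crl": "not a CRL\n",  # constructed: text without a PEM block
        "stub.crl": "-----BEGIN X509 CRL-----\nMAMCAQA=\n-----END X509 CRL-----\n",
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, text in samples.items():
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write(text)
            out[name] = classify_crl_file(p)
        out["absent.crl"] = classify_crl_file(os.path.join(d, "absent.crl"))
        out["openssl_loads_empty"] = openssl_loads(os.path.join(d, "root.crl"))
    return out
```

Running a check like `classify_crl_file` before server start separates a missing file from an empty one, which the single "not found, skipping" log line does not.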