| From: | Andrus <kobruleht2(at)hot(dot)ee> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: tlsv1 alert unknown ca error on cert authentication |
| Date: | 2025-06-09 20:40:34 |
| Message-ID: | 5b918a1a-5105-49dd-94ba-cea1e2018623@hot.ee |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi!
> I wonder if this setup is somewhat undefined/underdefined behavior.
>
> Andrus, if I understand correctly, you have
> - two certificates (one client, one server _and_ CA)
> - with the same(!) Subject, according to the logs
> - one signed the other (so it's "self-signed")
> - one is marked CA, one is not
>
> I have no idea how OpenSSL or the RFCs resolve this situation. Do you
> really intend to have the CA share the same Subject as the client?
No. It was mistake. You can close this bug report as invalid.
Andrus.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lowell Hought | 2025-06-09 23:35:13 | Re: BUG #18950: pgsql function that worked in Postgresql 16 does not return in Postgresql 17 |
| Previous Message | Tom Lane | 2025-06-09 17:02:52 | Re: BUG #18907: SSL error: bad length failure during transfer data in pipeline mode with libpq |