Home > mailing lists

Re: tlsv1 alert iso-8859-1 ca error on cert authentication - Mailing list pgsql-bugs

From	Andrus
Subject	Re: tlsv1 alert iso-8859-1 ca error on cert authentication
Date	June 9 10:34:47
Msg-id	1f713b36-4903-446b-ac25-b4460f9fe3d1@hot.ee Whole thread Raw
In response to	Re: tlsv1 alert iso-8859-1 ca error on cert authentication (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Hi!
>Hm. This example works fine for me on RHEL8. Evidently your openssl installation is set up to reject self-signed certificates by default.

Tried with RapidSSL cert for user varukoopia. Error message is the same.

I note that in my installation, /etc/pki/tls/openssl.cnf
contains

[ req ]
...
x509_extensions	= v3_ca	# The extensions to add to the self signed cert
...
[ v3_ca ]
# Extensions for a typical CA
...
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

Perhaps in your configuration file, that option is active?

It is not active.

Tried self signed cert for user varukoopia, but error message is the same.

Tried with

log_min_messages = debug5

but log does not contain more information about error

Certs used and openssl conf were sent to Tom as message attachments.

Andrus

pgsql-bugs by date:

From: Michael Paquier
Date: 09 June, 01:27:56
Subject: Re: BUG #18943: Return value of a function 'xmlBufferCreate' is dereferenced at xpath.c:177 without checking for NUL

From: Fujii Masao
Date: 09 June, 13:07:42
Subject: Re: BUG #18947: TRAP: failed Assert("len_to_wrt >= 0") in pg_stat_statements

Re: tlsv1 alert iso-8859-1 ca error on cert authentication - Mailing list pgsql-bugs

Previous

Next