Home > mailing lists

Re: Question on SSL certificate expiry - Mailing list pgsql-admin

From	Tom Lane
Subject	Re: Question on SSL certificate expiry
Date	June 1, 2023 13:07:18
Msg-id	3780.1685624838@sss.pgh.pa.us Whole thread Raw
In response to	Question on SSL certificate expiry (Nikhil Shetty <nikhil.dba04@gmail.com>)
Responses	Re: Question on SSL certificate expiry
List	pgsql-admin

Tree view

Nikhil Shetty <nikhil.dba04@gmail.com> writes:
> We were using MTLS to connect to the database. We noticed that even after
> server certificates expired the client was able to connect to the database.

> 1. Doesn't postgres check the expiry date of the certificate?

Postgres does not.  The openssl library can.  The most likely
guess, on the basis of the next-to-zero details you provided,
is that the connection is succeeding via some method that doesn't
require the client to check the server's certificate --- for
instance, a completely unencrypted connection.

            regards, tom lane

pgsql-admin by date:

From: Nikhil Shetty
Date: 01 June 2023, 11:40:22
Subject: Question on SSL certificate expiry

From: Nikhil Shetty
Date: 01 June 2023, 16:27:28
Subject: Re: Question on SSL certificate expiry

Re: Question on SSL certificate expiry - Mailing list pgsql-admin

Previous

Next