Hi Tom, Thank you for answering. I've tested psql connection with two hosts, both yielded the same result (could not find digest for NID UNDEF). Both systems have recent libpq and libssl. Also, "openssl s_client" shows server certificate correctly on both hosts.
TEST CLIENT 1: Rocky Linux 9.6 (Blue Onyx) using default repositories postgresql package provides psql postgresql-private-libs package provides libpq.so openssl-libs package provides libssl.so # dnf list installed postgresql\* openssl-libs Installed Packages openssl-libs.x86_64 1:3.2.2-6.el9_5.1 @anaconda postgresql.x86_64 16.10-1.module+el9.6.0+32421+7c015469 @appstream postgresql-private-libs.x86_64 16.10-1.module+el9.6.0+32421+7c015469 @appstream
# psql --version psql (PostgreSQL) 16.10
# file -L $(which psql) /bin/psql: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=51379c0b69cb45e885655e41f9f4587e20f679b5, for GNU/Linux 3.2.0, stripped
PG Bug reporting form <noreply@postgresql.org> writes: > When Ed25519 certificate is configured on PG server, I'm able to connect > with a Java client. Also, openssl and sslscan were able make connection and > show certificate details. Still CLI tool (psql) does not work with it and > refuses to connect.
This does look similar to the previous discussion about RSA-PSS. But we fixed that a couple years ago. Are you sure your libpq is up-to-date? What about the openssl libraries it's bound to?
> $ openssl version > OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)
This proves zero about what libpq is using. Applying "ldd" to psql might be more enlightening.
