Hello,
both psql and pgAdmin refuse to connect to my PostgreSQL server using SSL.
These two error messages alternate:
SSL error: sslv3 alert certificate expired
SSL error: certificate verify failed
CA certificate is valid till 2011.
Server certificate is valid till 2009.
Client certificate is valid till 2009.
So the first error message is obviously a nonsense.
I asked on the pgAdmin and PostgreSQL mailing lists. The answer was just about
the same in both cases: This must be an OpenSSL issue.
In fact, the whole story is a bit more complicated:
1) I enabled OpenSSL for psql and pgAdmin in June 2008. It worked.
2) It stopped working (for the first time) at the end of August, with the
certificate expired message.
3) Adding the CA certificate and CRL on the *client* side fixed this, amazingly.
4) Then it worked for about one month, till the beginning of October.
5) Stopped working again about two days ago, this time with two error messages.
Certificate and key files are still in place and computer clocks show correct
time.
I have the 0.9.8i version installed. Should I try the h version again? (I am
not sure whether the upgrade from h to i is related to the malfunction or not.)
Other programs, such as Courier-MTA, work just fine.
Is it possible to get more log messages? There is something wrong with the
OpenSSL + PostgreSQL combination. There are two scenarios corresponding to the
error messages mentioned above.
1) Server says the certificate has expired. Client says certificate
verification failed.
2) Server says the client did not supply a certificate. Client says the
certificate has expired.
Nobody says *which* certificate expired. (AFAIK, all of them are valid. Checked
that twice.)
What could be wrong? Thank you in advance for any piece of advice.
Andrej
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
