Craig Ringer <cr...@postnewspapers.com.au> writes: > See the self-contained test case here: > http://www.postnewspapers.com.au/~craig/testcase.zip
Thanks for posting that; it makes it a lot easier to experiment with the behavior of the Java software stack. I've applied your patch along with some hacking on libpq. As far as I can tell, things now work nicely with chained certificates on either end, but it could definitely do with more testing if you have time to poke at CVS HEAD. I'm still a bit mystified about bug #5245 though. I can see two possible explanations for that one: 1. The reporter was wrong about which server version he was using; pre-8.4 servers would in fact not send the whole cert chain, cf http://archives.postgresql.org/pgsql-committers/2009-05/msg00195.php 2. The reporter was wrong about the actual cause of his problem, and despite his description, the true reason his Java client was failing was the lack of SSL_CTX_set_client_CA_list(). Anyway, as far as I can tell the case described there works now. regards, tom lane -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
