Using libpq 9.0.3, when an SSL connection is attempted from a client whose EUID is not in a password database, the connection fails because the home directory cannot be determined. With libpq 8.4.7, everything is fine.
I encountered this issue on my mail host, where I use virtual users. When mail is delivered, parameters such as UID, home directory, etc. are retrieved using multiple queries against a Postgres DB. As soon as the virtual user's UID (which does not exist in any local password database) is determined, exim setuid()s to it. All further queries then fail with an error similar to this one: PGSQL connection failed: could not get home directory to locate client certificate files FATAL: no pg_hba.conf entry for host "1.2.3.4", user "exim4", database "fake_name", SSL off Looking at interfaces/libpq/fe-secure.c, it seems that such a failure previously only occurred when sslmode was "verify-*", otherwise the missing home dir was ignored. Now, it always fails. It was pointed out to me that the client-side SSL stuff changed in 9.0.3, so this might be entirely valid. I was just a little suprising. Regards, Christian -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
