Andreas Pflug <pgadmin@pse-consulting.de> writes:
> I pushed client_min_messages and log_min_messages to debug5, and the
> only suspicious message at startup is
> LOG: could not load root cert file "/usr/data/pgsql-7.4/root.crt": No
> such file or directory
> DETAIL: Will not verify client certificates.
> which shouldn't be a problem (pg_hba.conf is configured to trust).
That's expected if you don't provide a root.crt file. (I don't, and it
still works for me.)
> Any connect attempt will log
> DEBUG: forked new backend, pid=1826 socket=8
> DEBUG: proc_exit(0)
> DEBUG: shmem_exit(0)
> DEBUG: exit(0)
> DEBUG: reaping dead processes
> DEBUG: child process (pid 1826) exited with exit code 0
> with the client side message "server does not support SSL, but SSL was
> required". OpenSSL is 0.9.6g
Bizarre. I looked through the recent sslmode patch, and while I found
some things I didn't like, none of them explain this. Could you perhaps
get a trace of the server-to-client interaction? Either strace'ing psql
or watching the IP traffic with a packet sniffer should do --- but make
sure you get the full contents of each packet sent and received.
regards, tom lane