On Mon, Mar 26, 2007 at 12:04:21AM -0400, Tom Lane wrote:
> Michael Fuhr <mike@fuhr.org> writes:
> > On Sun, Mar 25, 2007 at 10:01:20PM -0400, Tom Lane wrote:
> >> I looked more closely and you are right: if the server does not have
> >> a root.crt file then it doesn't send its server cert to the client,
> >> and so there's no way for the client to verify the cert.
>
> > Eh? ssldump shows otherwise here with 8.2.3.
>
> Well, if it works then why is the OP complaining?
Two reasons:
1. I was following:
http://www.postgresql.org/docs/8.2/interactive/ssl-tcp.html
I did not know this page existed:
http://www.postgresql.org/docs/8.2/interactive/libpq-ssl.html
Connecting the two pages would have helped me.
2. I probably made a mistake trying the various combinations.
Knowing how Michael traced the connection with ssldump would be
VERY helpful. Trying to put it together from strace is much harder
and I probably made multiple mistakes. I was on a fishing expedition
at best as I didn't know how it went together.