Postgres Pro
Downloads
Home   >   mailing lists

Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
Date
Msg-id 23787.1274802524@sss.pgh.pa.us
Whole thread Raw
In response to Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request  (Craig Ringer <craig@postnewspapers.com.au>)
Responses Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request  (Magnus Hagander <magnus@hagander.net>)
Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request  (Craig Ringer <craig@postnewspapers.com.au>)
List pgsql-bugs
Tree view 
Craig Ringer <craig@postnewspapers.com.au> writes:
> Bug 5245 is not the same issue. They're talking about the server not
> sending the full certificate chain for the cert that identifies the
> server (server.crt). It's nothing to do with client certificates.
> Without the full chain, the client can't verify the server unless it
> happens to already have the intermediate certs between the server's cert
> and the trusted root that signed it installed locally. I haven't
> encountered #5245 myself, but will test it shortly to verify. It'd
> certainly count as a significant bug, as it would make it impossible to
> use indirect trust to verify a server (as is the case when a corporate
> CA signed by a "big name" CA is in use).

BTW, does anyone know exactly how to fix that?  I'm looking at a related
request internal to Red Hat right now.

            regards, tom lane

pgsql-bugs by date:

Previous
From: Dave Page
Date:
Subject: Re: BUG #5471: Postgres License Url is Misspelled
Next
From: Magnus Hagander
Date:
Subject: Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request