Laurenz Albe <laurenz.albe@cybertec.at> writes:
> On Fri, 2022-11-25 at 15:36 +0530, Dhirendra Singh wrote:
>> I am expecting the connection to fail because user "test (S114546) does not exist. but i am confused about the error
messagein the server log.
>> It says certificate authentication failed for user "test (S114546)". but CN in the certificate matches with the
username in psql connection request.
>> So certificate authentication should pass. It should fail afterwards.
> Well, "test" is different from "test (S114546)", so what do you expect?
I think the OP is complaining about the message contents, not the
fact of the failure. However, it's intentional that the message sent
to the client is vague about the exact cause of an authentication
failure. Otherwise we might be giving aid to a blackhat trying to
break into the server. The postmaster log is supposed to be more
specific, and it looks to me like what's in the log is accurate.
regards, tom lane
