On Wed, Jul 7, 2010 at 16:28, Lou Picciano <loupicciano@comcast.net> wrote:
> Magnus,
> Tks for your response.
>> What is your connection string? Are you specifying the cert file there as
>> well?
> Well, no. Specifically, the exercise was to determine default locations of
> certs on Windows 7, as inferred from - the expected - error message from the
> PG client. In this case, the client was pgAdmin. (Is pgAdmin not a valid
> 'default' test?)
Ah, ok.
pgAdmin should be a valid test. Though in general, it's always
appreciated if you can try to reproduce the issue using psql. It
*could* be a bug in pgAdmin - in which case that also has to be fixed
of course, but it's a good way to narrow down where it is.
>> The code itself should actually "never" do this - it specifically checks
>> if the file doesn't exist, and should *not* show that error..
>> It should fail much later, when the server actually requests the cert..
> Oh? I didn't realize this. In fact, past experience has been consistent
> with my findings; that pqlib will hiccup quickly if it cannot find a cert,
> and that this error message would appear before ever presenting that
> (non-)cert to the server. If a cert is found, on the other hand, error
> messages would be different, assuming it's an invalid cert in the context of
> pg_hba.cconf.
If there is no cert, and the server doesn't request one, it's not an
error, and shouldn't be. Non-existant cert should only be an error if
the server requires one, and that should AFAICS give a different error
message.
>> Can you try specifying an explicit file say directly in c:\, just to see
>> if that works?
> Presumably you're proposing an environment variable approach? Sure, please
> propose an exact test, and we'll perform. (No one else here is using certs
> under Windows 7?)
Either environment variable or connection string parameter. See
http://www.postgresql.org/docs/9.0/static/libpq-connect.html, for the
parameters sslcert and sslkey. Or
http://www.postgresql.org/docs/9.0/static/libpq-envars.html for the
respective environment vars.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
