Re: tlsv1 alert iso-8859-1 ca error on cert authentication - Mailing list pgsql-bugs

From Jacob Champion
Subject Re: tlsv1 alert iso-8859-1 ca error on cert authentication
Date
Msg-id CAOYmi+=fbH0_9sCkWaj0s-3AUNd1W=H2AyU088RfiGD+AEeKaQ@mail.gmail.com
In response to Re: tlsv1 alert iso-8859-1 ca error on cert authentication  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
On Sun, Jun 8, 2025 at 9:14 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Hm.  This example works fine for me on RHEL8.  Evidently your
> openssl installation is set up to reject self-signed certificates
> by default.

I wonder if this setup is somewhat undefined/underdefined behavior.

Andrus, if I understand correctly, you have
- two certificates (one client, one server _and_ CA)
- with the same(!) Subject, according to the logs
- one signed the other (so it's "self-signed")
- one is marked CA, one is not

I have no idea how OpenSSL or the RFCs resolve this situation. Do you
really intend to have the CA share the same Subject as the client?

--Jacob