I now have SSL encryption working between psql and my PostgreSQL
server, but want to enable client verification of the server's SSL
certificate (and eventually vice-versa).
My problem is that when I copy my root.crt certificate into my
.postgresql directory, I am given the error:
psql: unrecognized SSL error code
which I find terribly uninformative. Adding the code
{
char buf[256];
ERR_error_string(SSL_get_error(conn->ssl, r),
buf);
printf("%s\n", buf);
}
around line 928 in fe-secure.c shows me:
error:00000004:lib(0):func(0):nested asn1 error
Has anyone else had problems getting certificate checking to work?
Feel free to suggest any commands with which I could explore with the
openssl command line tool whether my root certificate is really
legible and valid; the command
/usr/local/ssl/bin/openssl verify < root.crt
gives me the notice
error 18 at 0 depth lookup:self signed certificate
as one would expect, but nothing about not being able to parse the
certificate itself.
--
Brandon Craig Rhodes http://www.rhodesmill.org/brandon
Georgia Tech brandon@oit.gatech.edu