> On 13 Apr 2023, at 18:42, Daniel Gustafsson <dan...@yesql.se> wrote:
> Regarding the thread; I hope to have a suggestion for a way forward regarding
> the open issue later tonight.

After reading OpenSSL code and documentation, I think the simplest solution is to explicitly check for X509 errors when OpenSSL reports SSL_ERROR_SYSCALL. It's not documented why this particular error code is used, but AFAICT it's because while it is a cert verification failure, the cause of it is an IO error in reading a non-existing file or directory.

The attached diff passes the tests on OpenSSL 1.0.1 through 3.1 as well as on LibreSSL. Thoughts?

--
Daniel Gustafsson

libpq_system_ca_fix.diff
Description: Binary data