Tried doc search, pgsql-general and #postgresql. Server: 7.4.8 on Red Hat EL4. Client psql 8.0.3 on WinXP. Using a test server.crt and server.key, as described in 8.0 docs 16.8, I can activate SSL encryption (WinXP 8.0.3 psql reports "SSL Connection" at connect), and as expected, the server log reports that root.crt is not found. If I copy server.crt to root.crt and start up server again, the missing root.crt message disappears. But I can still connect with psql with no postgresql.crt on client (docs 27.13). Apparently, the root.crt, which in this case is a copy of server.crt, is not interpreted as a CA crt, but how does the server know? Isn't a CA cert just a self signed crt? Why is there not a warning that client authentication will not take place, when it apparently does not? Does the server only check that a root.crt file is present, and not that is contains valid information?
Comments appreciated KPL ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org