On Mon, Mar 26, 2007 at 12:04:21AM -0400, Tom Lane wrote:
> Michael Fuhr <mike@xxxxxxxx> writes:
> > On Sun, Mar 25, 2007 at 10:01:20PM -0400, Tom Lane wrote:
> >> I looked more closely and you are right: if the server does not have
> >> a root.crt file then it doesn't send its server cert to the client,
> >> and so there's no way for the client to verify the cert.
> >
> > Eh? ssldump shows otherwise here with 8.2.3.
>
> Well, if it works then why is the OP complaining?

Two reasons:

1. I was following:
   http://www.postgresql.org/docs/8.2/interactive/ssl-tcp.html

   I did not know this page existed:
   http://www.postgresql.org/docs/8.2/interactive/libpq-ssl.html

   Connecting the two pages would have helped me.

2. I probably made a mistake trying the various combinations.

Knowing how Michael traced the connection with ssldump would be VERY
helpful. Trying to put it together from strace is much harder and I
probably made multiple mistakes. I was on a fishing expedition at best
as I didn't know how it went together.