To: Michael Fuhr
cc: Ray Stell, pgsql-admin@postgresql.org
Subject: Re: no verification of client certificate?
Date: Mon, 26 Mar 2007 00:04:21 -0400
Message-ID: <3130.1174881861@sss.pgh.pa.us>
From: Tom Lane

Michael Fuhr writes:
> On Sun, Mar 25, 2007 at 10:01:20PM -0400, Tom Lane wrote:
>> I looked more closely and you are right: if the server does not have
>> a root.crt file then it doesn't send its server cert to the client,
>> and so there's no way for the client to verify the cert.

> Eh? ssldump shows otherwise here with 8.2.3.

Well, if it works then why is the OP complaining? Perhaps there is
some non-obvious configuration issue that accounts for the difference
between your results and his?

regards, tom lane