Re: BUG #1321: SSL error: sslv3 alert handshake failure

On Tue, Nov 16, 2004 at 03:33:49PM -0500, Tom Lane wrote:
> Michael Fuhr <mike@fuhr.org> writes:
> > Sounds like a problem due to the backend in recent betas demanding
> > a client certificate if $PGDATA/root.crt exists, but the client
> > certificate doesn't exist in ~/.postgresql/postgresql.{crt,key}.
>
> If that is the problem, it's still broken because the error message
> is so unhelpful.  (I'm quite certain I tested that case last time
> I touched the SSL code, and it said something reasonable then.)

I get the following error if I use an 8.0.0beta4 client to connect
to an 8.0.0beta4 server that has a root.crt, but the client certificate
doesn't exist in ~/.postgresql:

psql: SSL error: sslv3 alert handshake failure

The server logs the following:

LOG:  could not accept SSL connection: 1

If the certificate exists but I use a 7.4.6 client, then the client
fails with the following:

psql: unrecognized SSL error code

The server logs this:

LOG:  could not accept SSL connection: 5

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/