[BUGS] BUG #14625: Error "sslv3 alert certificate expired" with valid certificate

From pavel.l.kirichenko@gmail.com
Subject [BUGS] BUG #14625: Error "sslv3 alert certificate expired" with valid certificate
Msg-id 20170418142919.24369.5931@wrigleys.postgresql.org
List pgsql-bugs

The following bug has been logged on the website:

Bug reference:      14625
Logged by:          Pavel Kirichenko
Email address:      pavel.l.kirichenko@gmail.com
PostgreSQL version: 9.6.2
Operating system:   FreeBSD 11.0-RELEASE-p9 amd64
Description:

Version OpenSSL        1.0.2k_1,1

postgresql.conf
ssl = true
ssl_ciphers = 'kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2'
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'
ssl_cert_file = './ssl/server.crt'
ssl_key_file = './ssl/server.key'
ssl_ca_file = './ssl/root.crt'
ssl_crl_file = './ssl/root.crl'

pg_hba.conf
# TYPE      DATABASE        USER            ADDRESS                     METHOD

# "local" is for Unix domain socket connections only
local       all             postgres                                    md5
# IPv4 local connections:
host        all             all             127.0.0.1/32                md5
hostssl     all             all             0.0.0.0/0                   md5 clientcert=1
# IPv6 local connections:
host        all             all             ::1/128                     md5
hostssl     all             all             ::/0                        md5 clientcert=1

I tried to connect from the command line interface:
$ psql --host=192.168.1.3 --port=6543 --username=postgres --dbname=template1
psql: SSL error: certificate verify failed

So I had such a log message.
LOG:  could not accept SSL connection: sslv3 alert certificate expired

Then I checked the certificates.

[pavel.l.kirichenko@rat-3o3r3d3 /usr/home/pavel.l.kirichenko/.postgresql]$ openssl x509 -in ./postgresql.crt -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Mar 20 13:05:04 2017 GMT
            Not After : Mar 18 13:05:04 2027 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)


Time on the server is:
$ date
monday, 17 april 2017 г. 17:45:37 (+04)

Apparently, the certificate has not expired. 

You can say that the problem is in OpenSSL. I checked it. With these
certificates I configured the test nginx site on the same server — it works
properly.

The same error is repeated everywhere: psql, pgAdmin, connection via
dotConnect driver. 
Also I tested PostgreSQL version 9.4.11, I tried to reduce key length to 512
bit and even psql on Ubuntu 14.04.1 with no success.

Certificates:
server        https://mega.nz/#!j9NTlCgD!6Rps9gF5s9b4qSkcliMQzKowWBDEMT5q28WqnVsJpAo
client        https://mega.nz/#!DltUWYia!lvR5BfKlxTS0TK0gYNHTsZrhjUngTTRQRkTwWsf5V6c


--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
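
An added example, not part of the original report: the report compares one certificate's Validity dates with the server clock by hand. The sketch below makes the same comparison for every object that carries a validity window, including a CRL such as the one named in ssl_crl_file, which has its own Last Update / Next Update dates. The excerpts are constructed, the CRL dates are invented for illustration, and the function names are hypothetical.

```python
import re
import ssl

# Constructed excerpts in the layout printed by `openssl x509 -text -noout`
# and `openssl crl -text -noout`. File names follow the report's setup;
# the CRL dates are invented for illustration, not taken from the report.
SAMPLES = {
    "postgresql.crt": """Validity
            Not Before: Mar 20 13:05:04 2017 GMT
            Not After : Mar 18 13:05:04 2027 GMT""",
    "root.crl": """Last Update: Mar 20 13:10:00 2017 GMT
        Next Update: Apr 10 13:10:00 2017 GMT""",
}

# Start-of-window and end-of-window labels for certificates and CRLs.
START = re.compile(r"(?:Not Before|Last Update)\s*:\s*(.+? GMT)")
END = re.compile(r"(?:Not After|Next Update)\s*:\s*(.+? GMT)")

# The instant shown by `date` in the report: 17:45:37 (+04) is 13:45:37 GMT.
REPORT_NOW = ssl.cert_time_to_seconds("Apr 17 13:45:37 2017 GMT")


def window(text):
    """Return (start, end) as POSIX timestamps from openssl -text output."""
    start, end = START.search(text), END.search(text)
    if not (start and end):
        raise ValueError("no validity window found")
    return (ssl.cert_time_to_seconds(start.group(1)),
            ssl.cert_time_to_seconds(end.group(1)))


def check(objects, now):
    """Map each name to 'ok', 'not yet valid' or 'expired' at time `now`."""
    result = {}
    for name, text in objects.items():
        start, end = window(text)
        if now < start:
            result[name] = "not yet valid"
        elif now > end:
            result[name] = "expired"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    for name, state in check(SAMPLES, REPORT_NOW).items():
        print(f"{name}: {state}")
```

To use it on real files, replace the SAMPLES values with the text output of the two openssl commands for each certificate and CRL on both the server and the client side.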
