Tried doc search, pgsql-general and #postgresql.
Server: 7.4.8 on Red Hat EL4. Client psql 8.0.3 on WinXP.
Using a test server.crt and server.key, as described in 8.0 docs 16.8, I
can activate SSL encryption (WinXP 8.0.3 psql reports "SSL Connection" at
connect), and as expected, the server log reports that root.crt is not found.
If I copy server.crt to root.crt and start up server again, the missing
root.crt message disappears. But I can still connect with psql with no postgresql.crt
on client (docs 27.13). Apparently, the root.crt, which in this case is
a copy of server.crt, is not interpreted as a CA crt, but how does the server
know? Isn't a CA cert just a self signed crt? Why is there not a warning
that client authentication will not take place, when it apparently does
not? Does the server only check that a root.crt file is present, and not
that is contains valid information?
Comments appreciated
KPL