Thread: [BUGS] BUG #14625: Error "sslv3 alert certificate expired" with valid certificate
From: pavel.l.kirichenko@gmail.com
Date:
The following bug has been logged on the website:

Bug reference: 14625
Logged by: Pavel Kirichenko
Email address: pavel.l.kirichenko@gmail.com
PostgreSQL version: 9.6.2
Operating system: FreeBSD 11.0-RELEASE-p9 amd64
Description:

Version OpenSSL 1.0.2k_1,1

postgresql.conf

    ssl = true
    ssl_ciphers = 'kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2'
    ssl_prefer_server_ciphers = on
    ssl_ecdh_curve = 'prime256v1'
    ssl_cert_file = './ssl/server.crt'
    ssl_key_file = './ssl/server.key'
    ssl_ca_file = './ssl/root.crt'
    ssl_crl_file = './ssl/root.crl'

pg_hba.conf

    # TYPE  DATABASE  USER      ADDRESS       METHOD
    # "local" is for Unix domain socket connections only
    local   all       postgres                md5
    # IPv4 local connections:
    host    all       all       127.0.0.1/32  md5
    hostssl all       all       0.0.0.0/0     md5 clientcert=1
    # IPv6 local connections:
    host    all       all       ::1/128       md5
    hostssl all       all       ::/0          md5 clientcert=1

I tried to connect from the command line interface:

    $ psql --host=192.168.1.3 --port=6543 --username=postgres --dbname=template1
    psql: SSL error: certificate verify failed

So I had such a log message.

    LOG: could not accept SSL connection: sslv3 alert certificate expired

Then I checked the certificates.

    [pavel.l.kirichenko@rat-3o3r3d3 /usr/home/pavel.l.kirichenko/.postgresql]$ openssl x509 -in ./postgresql.crt -text -noout
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 2 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
            Validity
                Not Before: Mar 20 13:05:04 2017 GMT
                Not After : Mar 18 13:05:04 2027 GMT
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)

Time on the server is:

    $ date
    monday, 17 april 2017 г. 17:45:37 (+04)

Apparently, the certificate has not expired.

You can say that the problem is in OpenSSL. I checked it. With these certificates I configured the test nginx site on the same server — it works properly.

The same error is repeated everywhere: psql, pgAdmin, connection via dotConnect driver. Also I tested PostgreSQL version 9.4.11, I tried to reduce key length to 512 bit and even psql on Ubuntu 14.04.1 with no success.

Certificates:
server https://mega.nz/#!j9NTlCgD!6Rps9gF5s9b4qSkcliMQzKowWBDEMT5q28WqnVsJpAo
client https://mega.nz/#!DltUWYia!lvR5BfKlxTS0TK0gYNHTsZrhjUngTTRQRkTwWsf5V6c
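Added example, not part of the original report: the post shows the validity window of the client certificate only, while every certificate in the chain and the CRL named in ssl_crl_file carry their own window (Not Before / Not After, Last Update / Next Update). The sketch parses `openssl x509 -text` or `openssl crl -text` dumps and evaluates each window against the server clock converted to UTC. The function names and the CRL dump are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Field labels printed by `openssl x509 -text` and `openssl crl -text`.
FIELDS = {"Not Before": "start", "Not After": "end",
          "Last Update": "start", "Next Update": "end"}
LINE = re.compile(r"^\s*(" + "|".join(FIELDS) + r")\s*:\s*(.+?)\s*$", re.M)

def validity_window(text_dump):
    """Return (start, end) as aware UTC datetimes from an openssl -text dump."""
    window = {}
    for label, value in LINE.findall(text_dump):
        stamp = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
        window[FIELDS[label]] = stamp.replace(tzinfo=timezone.utc)
    if set(window) != {"start", "end"}:
        raise ValueError("no complete validity window in dump")
    return window["start"], window["end"]

def check(dumps, now):
    """Map each file name to 'ok', 'not yet valid' or 'expired' at `now`."""
    now = now.astimezone(timezone.utc)  # openssl prints GMT, so compare in UTC
    status = {}
    for name, dump in dumps.items():
        start, end = validity_window(dump)
        status[name] = ("not yet valid" if now < start
                        else "expired" if now > end else "ok")
    return status

# Client certificate dates as quoted in the report.
CLIENT_CRT = """Validity
    Not Before: Mar 20 13:05:04 2017 GMT
    Not After : Mar 18 13:05:04 2027 GMT"""
# Constructed CRL dump (the report does not show root.crl); its dates are
# chosen only to exercise the 'expired' branch.
SAMPLE_CRL = """Last Update: Mar 20 13:05:04 2017 GMT
Next Update: Apr 16 13:05:04 2017 GMT"""
# Server clock from the report: 17 April 2017 17:45:37 (+04) = 13:45:37 UTC.
NOW = datetime(2017, 4, 17, 17, 45, 37, tzinfo=timezone(timedelta(hours=4)))

if __name__ == "__main__":
    files = {"postgresql.crt": CLIENT_CRT, "root.crl": SAMPLE_CRL}
    for name, state in check(files, NOW).items():
        print(f"{name}: {state}")
```

To use it on real files, feed it the text output of `openssl x509 -in <file> -text -noout` for server.crt, root.crt and postgresql.crt, and of `openssl crl -in <file> -text -noout` for root.crl.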