Re: tlsv1 alert unknown ca error on cert authentication

Andrus <kobruleht2@hot.ee>

From: Andrus <kobruleht2@hot.ee>
To: Jacob Champion <jacob.champion@enterprisedb.com>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-bugs@lists.postgresql.org
Date: 2025-06-09T20:40:34Z
Lists: pgsql-bugs
Hi!

> I wonder if this setup is somewhat undefined/underdefined behavior.
>
> Andrus, if I understand correctly, you have
> - two certificates (one client, one server _and_ CA)
> - with the same(!) Subject, according to the logs
> - one signed the other (so it's "self-signed")
> - one is marked CA, one is not
>
> I have no idea how OpenSSL or the RFCs resolve this situation. Do you
> really intend to have the CA share the same Subject as the client?

No. It was mistake. You can close this bug report as invalid.

Andrus.