Re: tlsv1 alert unknown ca error on cert authentication
Andrus <kobruleht2@hot.ee>
From: Andrus <kobruleht2@hot.ee>
To: Jacob Champion <jacob.champion@enterprisedb.com>,
Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-bugs@lists.postgresql.org
Date: 2025-06-09T20:40:34Z
Lists: pgsql-bugs
Hi! > I wonder if this setup is somewhat undefined/underdefined behavior. > > Andrus, if I understand correctly, you have > - two certificates (one client, one server _and_ CA) > - with the same(!) Subject, according to the logs > - one signed the other (so it's "self-signed") > - one is marked CA, one is not > > I have no idea how OpenSSL or the RFCs resolve this situation. Do you > really intend to have the CA share the same Subject as the client? No. It was mistake. You can close this bug report as invalid. Andrus.