On Thursday, March 21, 2019 5:39:10 AM CDT Christoph Berg wrote: > that error message is directly from openssl, so unrelated to > PostgreSQL. What size is the snakeoil key? Could you post the output > of that command? > > openssl x509 -text -noout < /etc/ssl/certs/ssl-cert-snakeoil.pem
Sorry, I deleted the old file while I was trying to get my system into a working state. > My guess would be that the snakeoil key was generated a very long time > ago, when the key size defaults were less than they are today, and > buster's libssl is now rejecting the key. Yes, I was able to run: sudo make-ssl-cert generate-default-snakeoil --force-overwrite to resolve the issue. Note the `--force-overwrite`, which is not used by the various postinst scripts. It would be nice if the buster upgrade could so this for the user, but I don't know if that's reasonable for all Debian installations. IMO, It would be a good buster release note. In any case, it's not a *PostgreSQL* bug. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.