On Thursday, March 21, 2019 5:39:10 AM CDT Christoph Berg wrote: > that error message is directly from openssl, so unrelated to > PostgreSQL. What size is the snakeoil key? Could you post the output > of that command? > > openssl x509 -text -noout < /etc/ssl/certs/ssl-cert-snakeoil.pem
Sorry, I deleted the old file while I was trying to get my system into a
working state.
> My guess would be that the snakeoil key was generated a very long time
> ago, when the key size defaults were less than they are today, and
> buster's libssl is now rejecting the key.
Yes, I was able to run:
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
to resolve the issue. Note the `--force-overwrite`, which is not used by the
various postinst scripts.
It would be nice if the buster upgrade could so this for the user, but I don't
know if that's reasonable for all Debian installations. IMO, It would be a
good buster release note. In any case, it's not a *PostgreSQL* bug.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
