We wanted to use pure ssl encryption without certificate validation. We created and configured self-signed certificates at the postgres server, turned "sslmode=on" and advised our clients to use "sslmode=prefer". This worked very well.
However, one client also configured some client certificates + "sslmode=prefer" which resulted in "could not accept ssl connection tlsv1 alert unknown ca". I always thought that Postgres does only validate certificates with "sslmode=verify-ca" and "sslmode=verify-full" => https://www.postgresql.org/docs/current/libpq-ssl.html Did I get something wrong?
