Michael Fuhr <[EMAIL PROTECTED]> writes:
> Isn't that the wrong test for DH_check's return value?

Yeah, sure looks that way, doesn't it?

> If $PGDATA/dh1024.pem exists and if SSL connections are enabled,
> then each SSL connection logs the following:
>   DH_check error (dh1024.pem): No SSL error reported
> The backend then loads the hardcoded parameters.  The SSL connection
> works, but with DH parameters other than intended.

So it's not that surprising that no one noticed it was broken :-(

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

               http://archives.postgresql.org

Reply via email to