Re: strange SSL msg

"Jean-Yves F. Barbier" <12ukwn@gmail.com> writes:
> I followed the http://www.howtoforge.com/postgresql-ssl-certificates HOWTO
> and succeeded to install SSL certificates (although pg_hba.conf line should
> be: hostssl  mydb  myuser  0.0.0.0/0  cert (and not trust).)

> As I didn't already test revocation, I made a: touch root.crl but at svr
> start I've got these 2 log lines:
> SSL certificate revocation list file "root.crl" not found, \
>    skipping: no SSL error reported
> Certificates will not be checked against revocation list.

> Is this behavior normal or not?

Hmmm ... I don't see that here, on a Fedora 13 machine (openssl-1.0.0d).
It appears from the message that X509_STORE_load_locations is returning
zero but not bothering to set up an OpenSSL error message.  It's not
entirely surprising that they might consider an empty file as an error,
perhaps; but I'm thinking this might be a bug that's fixed in newer
OpenSSL releases.

            regards, tom lane