BUG #5245: Full Server Certificate Chain Not Sent to client
From | Brian Krug |
---|---|
Subject | BUG #5245: Full Server Certificate Chain Not Sent to client |
Date | |
Msg-id | 200912151535.nBFFZCMW059887@wwwmaster.postgresql.org |
Responses | Re: BUG #5245: Full Server Certificate Chain Not Sent to client |
List | pgsql-bugs |
The following bug has been logged online:

Bug reference:      5245
Logged by:          Brian Krug
Email address:      bkrug@usatech.com
PostgreSQL version: 8.4.1
Operating system:   Solaris 10
Description:        Full Server Certificate Chain Not Sent to client
Details:

I set up a postgres server with hostssl connections (in pg_hba.conf) and
clientcert=1 option. Then I set up a Java client to connect to it with the
postgres jdbc driver (version 8.4-701.jdbc4). I set up the server.key,
server.crt and root.crt files on the server. The server.crt file is a
certificate chain of 3 entries: the host-specific certificate followed by an
immediate CA certificate followed by our company's root CA certificate. I put
the root CA certificate into the truststore of the java client and I enable
full ssl debug logging in the java client with -Djavax.net.debug=ssl. When I
attempt a connection, my java client rejects the server's certificate
reporting "SunCertPathBuilderException: unable to find valid certification
path to requested target". When I look at the ssl debug logging, I realize
that the server has only sent the first certificate (its own) and not the
full certificate chain.
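The check the report makes by eye in the `-Djavax.net.debug=ssl` output, as an added example that is not part of the original message or of PostgreSQL or the JDBC driver: a parser for the TLS 1.2-and-earlier Certificate handshake message (RFC 5246, section 7.4.2) that lists the certificates a server actually put on the wire. The function names are hypothetical, the certificate bytes are constructed placeholders rather than real DER, and the path check assumes the client trusts only the root CA, as in the report.

```python
HANDSHAKE_CERTIFICATE = 11  # HandshakeType.certificate, RFC 5246 section 7.4

def _u24(buf, off):
    """Read a 3-byte big-endian length field, rejecting truncated input."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")

def certificate_entries(handshake):
    """Return the certificate blobs in one TLS <= 1.2 Certificate message."""
    if len(handshake) < 4 or handshake[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = _u24(handshake, 1)
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    if _u24(body, 0) != body_len - 3:
        raise ValueError("certificate_list length mismatch")
    entries, off = [], 3
    while off < len(body):
        cert_len = _u24(body, off)
        off += 3
        if cert_len == 0 or off + cert_len > len(body):
            raise ValueError("bad certificate entry length")
        entries.append(body[off:off + cert_len])
        off += cert_len
    return entries

def build_certificate_message(certs):
    """Encode blobs as a Certificate message (only used to make sample input)."""
    cert_list = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(cert_list).to_bytes(3, "big") + cert_list
    return bytes([HANDSHAKE_CERTIFICATE]) + len(body).to_bytes(3, "big") + body

def client_can_build_path(handshake, issued_chain_len):
    """Assumption: the client trusts only the root, so the server must send
    every certificate below it (the root itself may be omitted)."""
    return len(certificate_entries(handshake)) >= issued_chain_len - 1

# Constructed placeholders standing in for DER certificates (not real X.509).
LEAF, INTERMEDIATE, ROOT = b"leaf-cert", b"intermediate-ca-cert", b"root-ca-cert"

if __name__ == "__main__":
    for sent in ([LEAF], [LEAF, INTERMEDIATE], [LEAF, INTERMEDIATE, ROOT]):
        msg = build_certificate_message(sent)
        print(len(certificate_entries(msg)), "sent ->",
              "path OK" if client_can_build_path(msg, 3) else "path FAILS")
```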