Re: tlsv1 alert iso-8859-1 ca error on cert authentication

On Sun, Jun 8, 2025 at 9:14 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Hm.  This example works fine for me on RHEL8.  Evidently your
> openssl installation is set up to reject self-signed certificates
> by default.

I wonder if this setup is somewhat undefined/underdefined behavior.

Andrus, if I understand correctly, you have
- two certificates (one client, one server _and_ CA)
- with the same(!) Subject, according to the logs
- one signed the other (so it's "self-signed")
- one is marked CA, one is not

I have no idea how OpenSSL or the RFCs resolve this situation. Do you
really intend to have the CA share the same Subject as the client?

--Jacob