
Re: Ref: BUG#1321: SSL error: sslv3 alert handshake failure

From: vishal saberwal <vishalsaberwal(at)gmail(dot)com>
To: "T(dot)J(dot) Ferraro" <tjtoocool(at)phreaker(dot)net>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Ref: BUG#1321: SSL error: sslv3 alert handshake failure
Date: 2005-08-25 02:28:44
Message-ID: 3e74dc2505082419281447b731@mail.gmail.com
Lists: pgsql-bugs

Thanks a lot TJ,
You were right ...
I installed 8.0.3 and then placed the certificates as suggested by you
... It worked ...

But, Management requires me to use 8.0.1 (on both servers and clients)
as our total infrastructure and coding is based on it ... Is there a
patch I can apply to 8.0.1 so that I could install same version on all
clients and servers ...

I also looked at the below code (from old version but of relevance to
know the permissions expected) ...
	/*
	 * make sure $HOME/.postgresql/postgresql.key file exists,
	 * is regular file, owned by current user, and not group-
	 * or world-accessible.
	 */
	snprintf(fnbuf, sizeof fnbuf,  "%s/.postgresql/postgresql.key", 
		pwd->pw_dir);
	if (lstat(fnbuf, &buf) == -1)
	{
		fprintf(stderr, "certificate file exists, but no private key\n");
		SSL_use_certificate(ssl, NULL);
		return -1;
	}
	if (!S_ISREG(buf.st_mode) || buf.st_uid != uid ||
		(buf.st_mode & (S_IRWXG | S_IRWXO)) != 0)
	{
		fprintf(stderr,
			"private key file has wrong ownership or permissions\n");
		SSL_use_certificate(ssl, NULL);
		return -1;
	}

thanks again,
vish

On 8/24/05, T.J. Ferraro <tjtoocool(at)phreaker(dot)net> wrote:
> Vishal,
> 
>     No it's definitely not the query or the LAN. From the fact that the
> server started up with those files in the data directory suggests that
> the problem does not lie on the server, either. And as you have shown
> the client files seem to be in order, as well. Which leaves one of two
> possibilities. Since upgrading the server is not possible my next
> question I guess would be regarding the client. Are they running 8.0.1
> as well? Would it be possible to upgrade the client to 8.0.3? I'm not
> certain, but I could swear they made a couple changes before 8.0.2
> regarding the SSL stuff (specifically in regards to the client).
> 
> T.J.
>
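
A stand-alone version of the permission test quoted in the message above, as an added example that is not part of the original post or of the PostgreSQL sources: it reports which of the conditions a client key file fails. The names `check_key_file`, `key_status` and `key_status_text`, and the use of `geteuid()` as the expected owner, are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* expose lstat() under strict -std= modes */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum key_status { KEY_OK, KEY_MISSING, KEY_NOT_REGULAR, KEY_WRONG_OWNER, KEY_TOO_OPEN };

/* Same tests as the quoted fragment, split so that each failure is
 * reported on its own. lstat() does not follow symbolic links, so a
 * symlink pointing at a valid key is reported as KEY_NOT_REGULAR. */
enum key_status check_key_file(const char *path, uid_t uid)
{
	struct stat st;

	if (lstat(path, &st) == -1)
		return KEY_MISSING;
	if (!S_ISREG(st.st_mode))
		return KEY_NOT_REGULAR;
	if (st.st_uid != uid)
		return KEY_WRONG_OWNER;
	if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
		return KEY_TOO_OPEN;	/* any group/world bit set, e.g. 0640 or 0644 */
	return KEY_OK;
}

const char *key_status_text(enum key_status s)
{
	switch (s) {
	case KEY_OK:          return "ok";
	case KEY_MISSING:     return "lstat failed (missing or unreachable path)";
	case KEY_NOT_REGULAR: return "not a regular file (symlink, directory, ...)";
	case KEY_WRONG_OWNER: return "not owned by the expected user";
	case KEY_TOO_OPEN:    return "group or world permission bits set; chmod 600";
	}
	return "unknown";
}

/* Usage: ./keycheck ~/.postgresql/postgresql.key
 * Assumption of this example: the expected owner is the effective uid. */
int main(int argc, char **argv)
{
	if (argc != 2) {
		fprintf(stderr, "usage: %s <key file>\n", argv[0]);
		return 2;
	}
	enum key_status s = check_key_file(argv[1], geteuid());
	printf("%s: %s\n", argv[1], key_status_text(s));
	return s == KEY_OK ? 0 : 1;
}
```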
