Skip site navigation (1) Skip section navigation (2)

Re: ssl support

From: Steve Holdoway <steve(at)treshna(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers-win32(at)postgresql(dot)org
Subject: Re: ssl support
Date: 2004-06-28 04:19:19
Message-ID: 40DF9C47.1040704@treshna.com (view raw or flat)
Thread:
Lists: pgsql-hackers-win32
Tom Lane wrote:

>Steve Holdoway <steve(at)treshna(dot)com> writes:
>  
>
>>Has anyone managed to connect in using ssl to a remote database, or is 
>>it just me?
>>    
>>
>
>I'd say "it's just you", but since I have little experience with using
>this stuff on Windoze, there may be some platform issues involved too.
>
>  
>
>>I see that the snapshot is compiles with ssl support, but I 
>>can only connect via unencrypted means.
>>    
>>
>
>This is *not* a sufficient report --- tell us exactly what you tried and
>what error messages you get.  The contents of the server's pg_hba.conf
>file might be enlightening as well.
>
>			regards, tom lane
>
>---------------------------(end of broadcast)---------------------------
>TIP 8: explain analyze is your friend
>  
>
1. Download and install openssl-0.9.7d.
2. Download todays snapshot from hagander.net, and install.

3. with relevant entry in pg_hba.conf...
host    all         all         192.168.1.0       255.255.255.0     trust

a. Windoze
psql -U... -d... -h... database
Welcome to psql 7.5devel, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

Warning: Console codepage (437) differs from windows codepage (1252)
       8-bit characters will not work correctly. See PostgreSQL
       documentation "Installation on Windows" for details.

db#

b. Linux
psql -U... -d... -h... database
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.
 
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit
 
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

db#

4. with relevant entry in pg_hba.conf...
hostssl    all         all         192.168.1.0       255.255.255.0     trust

a. Windows
psql -U... -d... -h... database
psql: FATAL:  no pg_hba.conf entry for host "192.168.1.24", user ..., 
database ..., SSL off

b. Linux
psql -U... -d... -h... database
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.
 
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash command
       \g or terminate with semicolon to execute query
       \q to quit
 
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

db#


I have tried this on a number of linux clients, some of whom have had 
ssl enabled in postgres, and some who haven't.  All use ssl connections.

I can only assume that there is a step on the Windoze client that I've 
missed out on.

Steve

In response to

pgsql-hackers-win32 by date

Next:From: Dave PageDate: 2004-06-28 08:13:32
Subject: Re: ssl support
Previous:From: Tom LaneDate: 2004-06-28 03:52:02
Subject: Re: ssl support

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group