| From: | "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca> |
|---|---|
| To: | "Greg Smith" <greg(at)2ndquadrant(dot)com> |
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PG84 and SELinux |
| Date: | 2010-12-06 18:29:49 |
| Message-ID: | 43265.216.185.71.25.1291660189.squirrel@webmail.harte-lyne.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, December 6, 2010 00:47, Greg Smith wrote:
>
> That looks to be the str_copy routine from conf_def.c in the OpenSSL
> code, i.e. line 624 of the version at:
>
> http://code.google.com/p/commitmonitor/source/browse/trunk/common/openssl/crypto/conf/conf_def.c
>
> So guessing something in the SSL autonegotiation is failing here in
> a really unexpected way.
>
The problem was an expired pki certificate. When we first used ssl
for pg we did not have our private CA set up. So we generated a
self-signed certificate. That certificate expired this past July
and I infer that while 8.1 did not care 8.4 evidently does.
In any case, we generated a new key and had a certificate signing
request signed by our CA. We installed both as server.key and
server.crt in the pgsql/data directory with chmod 600 and chown
postgres:postgres. Setting the postgresql.conf ssl option to on and
restarting the server no longer causes any error.
Than you all for the help.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB(at)Harte-Lyne(dot)ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
| From | Date | Subject | |
|---|---|---|---|
| Next Message | James B. Byrne | 2010-12-06 19:04:59 | Re: PG84 and SELinux |
| Previous Message | Radosław Smogura | 2010-12-06 18:03:59 | Re: Problems Authenticating against OpenLDAP |