Skip site navigation (1) Skip section navigation (2)

Re: ssl database connection problems...

From: Carol Walter <walterc(at)indiana(dot)edu>
To:
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: ssl database connection problems...
Date: 2008-12-30 20:53:37
Message-ID: 4D15E432-79CD-4D0E-ACDD-BC1ABCC5BAFD@indiana.edu (view raw or flat)
Thread:
Lists: pgsql-admin
Thanks to all of you.  Many of my problems have been fixed.  My  
"listening_addresses" was not set correctly.  After I fixed that  
problem, I started getting an SSL error.  I'm now getting this error  
as follows:

walterc(at)fac-staff:~$ psql -U walterc -d walterc -h db -p 5433
psql: SSL SYSCALL error: EOF detected

I've poked around a lot in my system.  OpenSSL is telling me that ssl  
is not properly configured.  I don't know if the error is accurate of  
it's describing differences between its configuration and Postgres'.   
Since ssl on my database box has never been used, there's a very good  
chance it's not configured properly.  I've decided the best tact would  
be to get a new version of OpenSSL.  The most current version on the  
Sun Freeware site, is 0.9.8i.
Are there any issues with compatibility that I should know about.

I'm running Solaris 10 and version 8.3.4 of postgres.

Thanks,

Carol
On Dec 29, 2008, at 9:36 PM, Ray Stell wrote:

> On Mon, Dec 29, 2008 at 04:23:30PM -0500, Carol Walter wrote:
>> "with openssl" when I initially configured the server.  Are there  
>> other
>> things that need to be done to get openssl started on the database  
>> server?
>> How can I diagnose this problem?
>>
>
> The files server.key, server.crt, root.crt, and root.crl are only  
> examined
> during server start; so you must restart the server for changes in  
> them
> to take effect.
>
> http://www.postgresql.org/docs/8.3/interactive/ssl-tcp.html
>
> It's been awhile since I played with this, but there's something  
> about an
> environment var, PGSSLMODE.
>
> You can use openssl to verify the server/root ca correctness like
> this:
>
> openssl  verify -CAfile ./root.crt testcert.pem
>
> assuming openssl in the mix.
>
> -- 
> Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-admin


In response to

Responses

pgsql-admin by date

Next:From: AmitKumar JainDate: 2008-12-31 00:07:55
Subject: Re: Getting the value of a config parameter in runtime
Previous:From: Scott MarloweDate: 2008-12-30 20:08:45
Subject: Re: postgres block_size problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group