Skip site navigation (1) Skip section navigation (2)

Re: [TESTERS] Location of certs -Windows 7 SSL mode?

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Lou Picciano <loupicciano(at)comcast(dot)net>
Cc: pgsql-testers <pgsql-testers(at)postgresql(dot)org>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: [TESTERS] Location of certs -Windows 7 SSL mode?
Date: 2010-07-08 10:34:24
Message-ID: AANLkTikw6zjXSHP5KhtwN_xv1EkMosTRlMBUBlYpHNxl@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-testers
On Wed, Jul 7, 2010 at 16:28, Lou Picciano <loupicciano(at)comcast(dot)net> wrote:
> Magnus,
> Tks for your response.
>> What is your connection string? Are you specifying the cert file there as
>> well?
> Well, no.  Specifically, the exercise was to determine default locations of
> certs on Windows 7, as inferred from - the expected - error message from the
> PG client.  In this case, the client was pgAdmin.  (Is pgAdmin not a valid
> 'default' test?)

Ah, ok.
pgAdmin should be a valid test. Though in general, it's always
appreciated if you can try to reproduce the issue using psql. It
*could* be a bug in pgAdmin - in which case that also has to be fixed
of course, but it's a good way to narrow down where it is.


>> The code itself should actually "never" do this - it specifically checks
>> if the file doesn't exist, and should *not* show that error..
>> It should fail much later, when the server actually requests the cert..
> Oh?  I didn't realize this.  In fact, past experience has been consistent
> with my findings; that pqlib will hiccup quickly if it cannot find a cert,
> and that this error message would appear before ever presenting that
> (non-)cert to the server.  If a cert is found, on the other hand, error
> messages would be different, assuming it's an invalid cert in the context of
> pg_hba.cconf.

If there is no cert, and the server doesn't request one, it's not an
error, and shouldn't be. Non-existant cert should only be an error if
the server requires one, and that should AFAICS give a different error
message.

>> Can you try specifying an explicit file say directly in c:\, just to see
>> if that works?
> Presumably you're proposing an environment variable approach?  Sure, please
> propose an exact test, and we'll perform.  (No one else here is using certs
> under Windows 7?)

Either environment variable or connection string parameter. See
http://www.postgresql.org/docs/9.0/static/libpq-connect.html, for the
parameters sslcert and sslkey. Or
http://www.postgresql.org/docs/9.0/static/libpq-envars.html for the
respective environment vars.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

pgsql-bugs by date

Next:From: Niranjan PanditDate: 2010-07-08 12:49:01
Subject: BUG #5545: permission denied on delete
Previous:From: Magnus HaganderDate: 2010-07-08 10:31:30
Subject: Re: [TESTERS] Location of certs -Windows 7 SSL mode?

pgsql-testers by date

Next:From: Lou PiccianoDate: 2010-07-08 21:18:38
Subject: v9.0 beta clients - on Windows 7 - do not pick up SSL ENVIRONMENT VARIABLES?
Previous:From: Magnus HaganderDate: 2010-07-08 10:31:30
Subject: Re: [TESTERS] Location of certs -Windows 7 SSL mode?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group