On Wed, 27 Jan 2010, Tom Lane wrote:
> Richard Troy <rtroy(at)ScienceTools(dot)com> writes:
> > Although I think I've got everything configured correctly, I'm not getting
> > ssl encrypted connections to be accepted. Also, havent' figured out how to
> > tell psql to try _only_ an ssl-type connection.
> I don't know the answer to your problems offhand, but a few suggestions:
> * Read the version of the docs corresponding to your server version,
> not earlier or later ones. This stuff changes.
Thanks, Tom, I hadn't thought any of this had changed since before version
7, or at the least had been pretty consistent through v 8, but that's a
silly assumption on my part!
> * Look in the postmaster log to see what gets logged during a failed
> connection attempt.
Of course! -duh!-
Depending on which test, I get either:
LOG: could not accept SSL connection: sslv3 alert certificate unknown
LOG: could not accept SSL connection: peer did not return a certificate
...which seems to (strongly) suggest that it's requiring not only an
encrypted connection but that the user present a certificate.
> * I do know about try-only-SSL, it's driven by an environment variable:
> export PGSSLMODE=require
Good to know.
> * The docs only cover SSL in the context of psql and other libpq-based
> clients. For JDBC you should probably ask on pgsql-jdbc. But try to
> get psql working first.
Yes, I agree.
I have been thinking about updating all my systems to the same (latest)
version - perhaps it's time to do that and then see where things are.
Thanks for your suggestions, Tom,
Richard Troy, Chief Scientist
Science Tools Corporation
In response to
pgsql-novice by date
|Next:||From: Steve Crawford||Date: 2010-01-28 19:10:53|
|Subject: Re: PG_STAT_DATABASE|
|Previous:||From: Tom Lane||Date: 2010-01-28 16:10:50|
|Subject: Re: SSL Connection help, pls... |