BUG #15369: Postgres fails to start with default "ssl = true" configuration

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: eluther(at)smartleaf(dot)com
Subject: BUG #15369: Postgres fails to start with default "ssl = true" configuration
Date: 2018-09-07 21:33:46
Message-ID: 153635602607.23141.11387954289570596564@wrigleys.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 15369
Logged by: Eric Luther
Email address: eluther(at)smartleaf(dot)com
PostgreSQL version: 9.6.10
Operating system: Debian 9.5

eluther(at)testvm03:~$ sudo service postgresql start
Starting PostgreSQL 9.6 database server: mainThe PostgreSQL server failed to
start. Please check the log output: 2018-09-07 16:49:56.926 EDT [3990]
FATAL: could not access private key file
"/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied 2018-09-07
16:49:56.926 EDT [3990] LOG: database system is shut down ... failed!

eluther(at)testvm03:~$ cat /etc/postgresql/9.6/main/postgresql.conf |grep ssl
ssl = true # (change requires restart)
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on # (change requires restart)
#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change
requires restart)
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change
requires restart)
#ssl_ca_file = '' # (change requires restart)
#ssl_crl_file = '' # (change requires restart)

eluther(at)testvm03:~$ sudo ls -l /etc/ssl/private/

[sudo] password for eluther:
total 8
-rw------- 1 root root 1704 Sep 7 13:08 int-wildcard.key
-rw-r----- 1 root ssl-cert 1704 Aug 27 16:48 ssl-cert-snakeoil.key

eluther(at)testvm03:~$ grep postgres /etc/group

eluther(at)testvm03:~$ psql --version
psql (PostgreSQL) 9.6.10

eluther(at)testvm03:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.5 (stretch)
Release: 9.5
Codename: stretch


Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2018-09-07 21:49:38 Re: BUG #15369: Postgres fails to start with default "ssl = true" configuration
Previous Message Michael Paquier 2018-09-07 20:44:03 Re: BUG #15367: Crash in pg_fe_scram_free when using foreign tables