Re: using pgsql-odbc using client certificate auth

From: Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "Duffey, Blake A(dot)" <Blake(dot)Duffey(at)noblis(dot)org>, "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: using pgsql-odbc using client certificate auth
Date: 2012-03-15 06:15:12
Message-ID: 4F6188F0.8050400@tpf.co.jp
Lists: pgsql-odbc

Hi Stephen,

(2012/03/15 2:27), Stephen Frost wrote:
> * Duffey, Blake A. (Blake(dot)Duffey(at)noblis(dot)org) wrote:
>> What support does the current PG ODBC driver have for using client certificates for user authentication? Anyone have any experience with this?

I'm not sure whether client certificates work or not.
As for the 32-bit driver, aren't you using psqlodbc_09_01_0100?
If so, please try psqlodbc_09_01_0100-1.
psqlodbc_09_01_0100 contains an illegal libpq.dll, and the
client certificate functionality completely relies on libpq.

regards,
Hiroshi Inoue

> More specifically.. We're trying to make it work, but the ODBC driver
> is crashing and we're not sure why. The error information is:
>
> Problem signature:
> Problem Event Name: APPCRASH
> Application Name: odbcad32.exe
> Application Version: 6.1.7600.16385
> Application Timestamp: 4a5bcd4c
> Fault Module Name: CRYPT32.dll
> Fault Module Version: 6.1.7601.17514
> Fault Module Timestamp: 4ce7b841
> Exception Code: c0000005
> Exception Offset: 0000e26b
> OS Version: 6.1.7601.2.1.0.144.8
> Locale ID: 1033
> Additional Information 1: 0a9e
> Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
> Additional Information 3: 0a9e
> Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
>
> This is using the latest ODBC driver (we've tried both 32-bit and 64-bit
> and received similar errors; the above is with the 32-bit one). We can
> connect from this same system using client-side certificates with
> pgAdmin (where we have to specify the file location of the key and
> certificate), and we have the client certificate loaded into the
> certificate store in Windows, so we know the PG server is configured
> correctly and that the key and certificate work.
>
> The 'mylog' file contains:
>
> [9792-0.000]globals.extra_systable_prefixes = 'dd_;'
> [9792-0.000]exe name=odbcad32 plaformId=2
> [9792-0.015]aszKey='DSN', value='beren_test'
> [9792-0.015]copyAttributes: DSN='beren_test',server='',dbase='',user='',passwd='xxxxx',port='',onlyread='',protocol='',conn_settings='',disallow_premature=-1)
> [9792-0.062]getDSNinfo: DSN=beren_test overwrite=0
> [9792-0.062]force_abbrev=0 bde=0 cvt_null_date=0
> [9792-0.062]globals.extra_systable_prefixes = 'dd_;'
> [9792-0.078]calling getDSNdefaults
> [9792-0.078]checking libpq library
> [9792-0.093]psqlodbc path based libpq loaded module=00000000
> [9792-0.093]libpq hmodule=00000000
> [9792-0.093]secur32 hmodule=74630000
> [9792-0.093]libpq_exist=1
> [9792-1.484]EN_add_connection: self = 00326A08, conn = 00326A38
> [9792-1.484] added at 0, conn->henv = 00326A08, conns[0]->henv = 00326A08
>
> Also, looking through the source code, one thing which worries us is
> that the CN in the certificate doesn't match the PG username we're
> trying to use (though we've tried to make them match and that doesn't
> help with the above error..). We'd really like to not have those match
> and instead have the ODBC driver use a specific certificate or have a
> way to tell the ODBC driver which CN to use.
>
> Any thoughts on this would be greatly appreciated.
>
> Thanks,
>
> Stephen
