| From: | Michael Shapiro <mshapiro51(at)gmail(dot)com> |
|---|---|
| To: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
| Cc: | Sébastien Mauroy <smauroy(at)ulb(dot)ac(dot)be>, pgadmin-support(at)postgresql(dot)org |
| Subject: | Re: pgAdmin asks me the server's private key |
| Date: | 2010-10-06 22:25:39 |
| Message-ID: | AANLkTim4XBA+kF-Vsv+2H6FB9U5cUr=unQ=Dgwhynvj1@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
I think this is a postgres question about how it expects ssl to be
configured ...
I found some source code for Postgres that has this message in it..
http://doxygen.postgresql.org/fe-secure_8c-source.html
01010 if (have_cert && fnbuf[0] != '\0')
01011 {
01012 /* read the client key from file */
01013
01014 if (stat(fnbuf, &buf) != 0)
01015 {
01016 printfPQExpBuffer(&conn->errorMessage,
01017 libpq_gettext("*certificate present, but
not private key file* \"%s\"\n"),
01018 fnbuf);
01019 return -1;
01020 }
01021 #ifndef WIN32
01022 if (!S_ISREG(buf.st_mode) || buf.st_mode & (S_IRWXG |
S_IRWXO))
01023 {
01024 printfPQExpBuffer(&conn->errorMessage,
01025 libpq_gettext("private key file \"%s\"
has group or world access; permissions should be u=rw (0600) or less\n"),
01026 fnbuf);
01027 return -1;
01028 }
01029 #endif
01030
01031 if (SSL_use_PrivateKey_file(conn->ssl, fnbuf,
SSL_FILETYPE_PEM) != 1)
01032 {
01033 char *err = SSLerrmessage();
01034
01035 printfPQExpBuffer(&conn->errorMessage,
01036 libpq_gettext("could not load private key file \"%s\":
%s\n"),
01037 fnbuf, err);
01038 SSLerrfree(err);
01039 return -1;
01040 }
01041 }
2010/10/6 Guillaume Lelarge <guillaume(at)lelarge(dot)info>
> Le 06/10/2010 22:51, Sébastien Mauroy a écrit :
> > [...]
> > I installed postgreSQL on my serveur with the SSL support enabled. I
> > have my own CA and I generated a cert for this service. When I use
> > pgAdmin III, it says :
> >
> > "Error connecting to the server: certificate present, but not private
> > key file "C:\Users\<my user>\AppData\Roaming/postgresql/postgresql.key"
> >
> > I don't understand why it wants the server private key ?! It's a big
> > security hole if I must give the private key. I miss something ?
> >
>
> Well, I guess you do. Did you try to connect with psql? didn't it ask
> for the same thing?
>
>
> --
> Guillaume
> http://www.postgresql.fr
> http://dalibo.com
>
> --
> Sent via pgadmin-support mailing list (pgadmin-support(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgadmin-support
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2010-10-07 11:56:59 | Re: PgAdmin III 1.12 crazy memory usage |
| Previous Message | Guillaume Lelarge | 2010-10-06 22:15:09 | Re: pgAdmin asks me the server's private key |