| From: | Hugh Ranalli <hugh(at)whtc(dot)ca> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Channel binding not supported using scram-sha-256 passwords |
| Date: | 2019-02-18 17:52:29 |
| Message-ID: | CAAhbUMMg91kffwAgaHhURejdnQyW3DRi8gxbPoyHmeU0o6PorA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sun, 17 Feb 2019 at 20:06, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> Now, the error message "channel binding not supported by this build"
> would show up by either the backend or the frontend if
> X509_get_signature_nid() is not present in the version of OpenSSL your
> version of libpq (for the frontend) or your backend are linked to.
> This function has been added in OpenSSL 1.0.2, so it seems to me that
> you have an OpenSSL version mismatch between your client and the
> server. My guess is that the client uses OpenSSL 1.0.2, but the
> server is linked to OpenSSL 1.0.1 or older.
>
Michael,
Thank you very much; that is indeed the case. The database server is brand
new, having built as an upgrade from PostgreSQL 8.2 (yes, I know, I know).
;-) It is running openssl 1.1.0 on Ubuntu 18.04. The application servers
are running openssl 1.0.1 on Ubuntu 14.04. They will be migrated to Ubuntu
18.04 before they reach EOL in April, but that won't happen until after the
database upgrade.
Knowing this is the issue is very helpful, and I'm not sure I would have
figured it out on my own. I'll just hold off on the scram-sha-256 password
conversion until we upgrade the application servers.
Best wishes,
Hugh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martín Fernández | 2019-02-18 20:08:59 | PG Upgrade with hardlinks, when to start/stop master and replicas |
| Previous Message | Andrew Gierth | 2019-02-18 17:37:10 | Re: HAVING query structured wrong |