Home > mailing lists

Re: PQConnectdb SSL (sslmode): Is this a bug - Mailing list pgsql-general

From	Tom Lane
Subject	Re: PQConnectdb SSL (sslmode): Is this a bug
Date	August 26, 2005 20:26:10
Msg-id	22484.1125087922@sss.pgh.pa.us Whole thread Raw
In response to	Re: PQConnectdb SSL (sslmode): Is this a bug (Michael Fuhr <mike@fuhr.org>)
Responses	Re: PQConnectdb SSL (sslmode): Is this a bug (vishal saberwal <vishalsaberwal@gmail.com>)
List	pgsql-general

Tree view

Michael Fuhr <mike@fuhr.org> writes:
> Is it possible that your program is linked against an old version
> of libpq?  I can reproduce the above error with an otherwise working
> 8.0.3 setup if I link the program against a 7.4.8 libpq.

The CVS logs show quite a bit of work done on SSL support between 7.4
and 8.0, for instance:

2004-11-19 19:18  tgl

    * src/: backend/libpq/be-secure.c, interfaces/libpq/fe-secure.c:
    Improve error reporting for SSL connection failures.  Remove
    redundant free operations in client_cert_cb --- openssl will also
    attempt to free these structures, resulting in core dumps.

2004-09-26 18:51  tgl

    * doc/src/sgml/libpq.sgml, doc/src/sgml/runtime.sgml,
    src/backend/libpq/be-secure.c, src/interfaces/libpq/fe-secure.c:
    Fix multiple breakages in our support for SSL certificates.

My suspicion is that you need to be using 8.0 if you want any degree of
robustness in using SSL for certificate checking (as opposed to being
just an encrypted communications channel).

            regards, tom lane

pgsql-general by date:

From: Tom Lane
Date: 26 August 2005, 20:22:09
Subject: Re: PG 8.0 "CONNECT BY" patch

From: Bruce Momjian
Date: 26 August 2005, 20:41:51
Subject: Re: Postgresql Function Cookbook/General howto

Re: PQConnectdb SSL (sslmode): Is this a bug - Mailing list pgsql-general

Previous

Next