Re: [ADMIN] Connecting via SSL not working (except from psql) - Mailing list pgsql-jdbc
From | Barry Lind |
---|---|
Subject | Re: [ADMIN] Connecting via SSL not working (except from psql) |
Date | |
Msg-id | 3D52A58A.2000401@xythos.com |
In response to | Re: [ADMIN] Connecting via SSL not working (except from psql) ("Magnus Hagander" <mha@sollentuna.net>) |
List | pgsql-jdbc |
We are certainly interested in any patches once you are done. I don't
know about anyone else that is working on this currently.

thanks,
--Barry

Paul Legato wrote:

> Hi Magnus,
>
> Thanks for the help. I'll take a look at fe-connect.c and see if I can
> get my JDBC driver working.
>
> Is anyone within the Postgres project currently adding SSL support to
> JDBC? Anyone interested in the patches once I get everything working?
>
> -Paul
>
>
> Magnus Hagander wrote:
>
>> Hi!
>>
>> SSL is not enabled at connection time in pgsql - it is negotiated with
>> the postmaster, and enabled later. You need to send a correctly
>> formatted start message in clear text to the postmaster to initiate the
>> SSL negotiation first, and turn on SSL after that (assuming the
>> postmaster reports that SSL is Ok).
>> This is done so the postmaster can listen for both SSL and non-SSL
>> connections on the same port.
>>
>> Take a look at how libpq does it. In 7.1.3, it starts at line 963 in
>> interfaces/libpq/fe-connect.c. (Sorry, don't have the source to a
>> newer version around right now - look
>> for comment on 'Attempt to negotiate SSL usage').
>>
>> //Magnus
>>
>>
>>> -----Original Message-----
>>> From: Paul Legato [mailto:plegato@nks.net]
>>> Sent: Tuesday, August 06, 2002 5:47 PM
>>> To: pgsql-admin@postgresql.org
>>> Cc: pgsql-jdbc@postgresql.org
>>> Subject: [ADMIN] Connecting via SSL not working (except from psql)
>>>
>>>
>>> Hi,
>>>
>>> I'm trying to connect to SSL-enabled Postgres (started with -i -l)
>>> using both the openssl command line utility and with a modified JDBC
>>> driver using the built in JSSE API from Java 1.4.
>>>
>>> If I attempt to connect from a shell with the openssl test utility,
>>> I get:
>>>
>>> $ openssl s_client -connect localhost:5432
>>> CONNECTED(00000003)
>>> 25870:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460:
>>>
>>> With the JDBC driver, at connection I get:
>>>
>>> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
>>> connection?
>>>
>>> In both cases, the server logs the message "FATAL 1: invalid length
>>> of startup packet".
>>>
>>> A connection to the server with psql works fine, and prints "SSL
>>> connection (cipher: DES-CBC3-SHA, bits: 168)" at startup. I've tried
>>> manually specifying this cipher to openssl, which does not change
>>> the result.
>>>
>>> I'm stuck. Any suggestions or pointers will be greatly appreciated. :)
>>>
>>> Thanks,
>>> -Paul
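The negotiation Magnus describes, written out as an added Java example for a current JDK; it is not part of the thread and not the PostgreSQL JDBC driver's code. The class name, `negotiate` and `requireSsl` are hypothetical, the request code 80877103 and the one-byte `S`/`N` reply come from the PostgreSQL frontend/backend protocol documentation rather than from this thread, and the stand-in postmaster in `main` is constructed so the example runs offline.

```java
import java.io.*;
import java.net.*;
import javax.net.ssl.*;

public class PgSslNegotiation {
    // SSLRequest code defined by the PostgreSQL wire protocol: (1234 << 16) | 5679.
    static final int SSL_REQUEST_CODE = 80877103;

    // Asks the postmaster for SSL on an already-connected plaintext socket.
    // Returns the upgraded socket, or the plaintext one only if requireSsl is false.
    static Socket negotiate(Socket plain, String host, int port, boolean requireSsl)
            throws IOException {
        DataOutputStream out = new DataOutputStream(plain.getOutputStream());
        out.writeInt(8);                 // total message length, including this field
        out.writeInt(SSL_REQUEST_CODE);  // sent in clear text, before any TLS bytes
        out.flush();
        // Read exactly one byte, unbuffered: everything after it belongs to TLS.
        int answer = plain.getInputStream().read();
        if (answer == 'S') {
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) f.createSocket(plain, host, port, true);
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // check the certificate's host name
            tls.setSSLParameters(p);
            tls.startHandshake();
            return tls;
        }
        if (answer == 'N' && !requireSsl) return plain; // caller allowed a plaintext session
        plain.close();
        throw new IOException("SSL refused or unexpected reply: " + answer);
    }

    // Constructed demo: a stand-in postmaster on a loopback port that answers 'N'.
    public static void main(String[] args) throws Exception {
        try (ServerSocket fake = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread t = new Thread(() -> {
                try (Socket s = fake.accept()) {
                    DataInputStream in = new DataInputStream(s.getInputStream());
                    in.readInt(); in.readInt();       // consume the 8-byte SSLRequest
                    s.getOutputStream().write('N');
                } catch (IOException ignored) { }
            });
            t.start();
            Socket c = new Socket(fake.getInetAddress(), fake.getLocalPort());
            try { negotiate(c, "localhost", fake.getLocalPort(), true); }
            catch (IOException e) { System.out.println("refused plaintext fallback: " + e.getMessage()); }
            t.join();
        }
    }
}
```

With `requireSsl` set to true the client never continues in clear text after an `N` reply, so a refused or stripped negotiation fails closed instead of downgrading the session.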