Re: Ref: BUG#1321: SSL error: sslv3 alert handshake failure - Mailing list pgsql-bugs

From vishal saberwal
Subject Re: Ref: BUG#1321: SSL error: sslv3 alert handshake failure
Date
Msg-id 3e74dc2505082419281447b731@mail.gmail.com
In response to Ref: BUG#1321: SSL error: sslv3 alert handshake failure  (vishal saberwal <vishalsaberwal@gmail.com>)
Responses Re: Ref: BUG#1321: SSL error: sslv3 alert handshake failure
List pgsql-bugs
Thanks a lot TJ,
You were right ...
I installed 8.0.3 and then placed the certificates as suggested by you
... It worked ...

But, Management requires me to use 8.0.1 (on both servers and clients)
as our total infrastructure and coding is based on it ... Is there a
patch I can apply to 8.0.1 so that I could install the same version on all
clients and servers ...

I also looked at the below code (from an old version but of relevance to
know the permissions expected) ...
    /*
     * make sure $HOME/.postgresql/postgresql.key file exists,
     * is regular file, owned by current user, and not group-
     * or world-accessable.
     */
    snprintf(fnbuf, sizeof fnbuf, "%s/.postgresql/postgresql.key",
        pwd->pw_dir);
    if (lstat(fnbuf, &buf) == -1)
    {
        fprintf(stderr, "certificate file exists, but no private key\n");
        SSL_use_certificate(ssl, NULL);
        return -1;
    }
    if (!S_ISREG(buf.st_mode) || buf.st_uid != uid ||
        (buf.st_mode & (S_IRWXG | S_IRWXO)) != 0)
    {
        fprintf(stderr,
            "private key file has wrong ownership or permissions\n");
        SSL_use_certificate(ssl, NULL);
        return -1;
    }

thanks again,
vish

On 8/24/05, T.J. Ferraro <tjtoocool@phreaker.net> wrote:
> Vishal,
>
>     No it's definitely not the query or the lan. From the fact that the
> server started up with those files in the data directory suggests that
> the problem does not lie on the server, either. And as you have shown
> the client files seem to be in order, as well. Which leaves one of two
> possibilities. Since upgrading the server is not possible my next
> question I guess would be regarding the client. Are they running 8.0.1
> as well? Would it be possible to upgrade the client to 8.0.3? I'm not
> certain, but I could swear they made a couple changes before 8.0.2
> regarding the SSL stuff (specifically in regards to the client).
>
> T.J.
>
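
The private key file checks from the snippet quoted in the message above, as a stand-alone added example (not part of the original message and not libpq's own code). The names `check_key_file`, `demo_case` and the result codes are hypothetical, and the key files are constructed in a temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example (not libpq's). */
enum key_check { KEY_OK = 0, KEY_MISSING = -1, KEY_BAD_PERMS = -2 };

/* The quoted tests: exists, regular file, owned by uid, no group/world bits.
 * lstat() does not follow symlinks, so a symlink to a good key fails S_ISREG. */
enum key_check check_key_file(const char *path, uid_t uid)
{
    struct stat buf;
    if (lstat(path, &buf) == -1)
        return KEY_MISSING;
    if (!S_ISREG(buf.st_mode) || buf.st_uid != uid ||
        (buf.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        return KEY_BAD_PERMS;
    return KEY_OK;
}

/* Build a constructed key file with `mode` in a fresh temp dir, check it
 * (through a symlink if via_symlink is set) against `uid`, then clean up. */
enum key_check demo_case(mode_t mode, int via_symlink, uid_t uid)
{
    char dir[] = "/tmp/keycheckXXXXXX", key[64], lnk[64];
    enum key_check rc = KEY_MISSING;
    FILE *f;
    if (mkdtemp(dir) == NULL) return rc;
    snprintf(key, sizeof key, "%s/postgresql.key", dir);
    snprintf(lnk, sizeof lnk, "%s/key.lnk", dir);
    if ((f = fopen(key, "w")) != NULL) fclose(f);
    chmod(key, mode);
    if (!via_symlink || symlink(key, lnk) == 0)
        rc = check_key_file(via_symlink ? lnk : key, uid);
    unlink(lnk); unlink(key); rmdir(dir);
    return rc;
}

int main(void)
{
    uid_t me = geteuid();
    printf("0600: %d  0640: %d  symlink: %d  other uid: %d\n",
           demo_case(0600, 0, me), demo_case(0640, 0, me),
           demo_case(0600, 1, me), demo_case(0600, 0, me + 1));
    return 0;
}
```

Only the owner-only file passes; a mode with any group or world bit, a symlink to an otherwise correct key, and a file owned by a different uid all return `KEY_BAD_PERMS`.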
