On Mon, May 9, 2011 at 6:42 PM, Merlin Moncure <mmoncure@gmail.com> wrote:
>> Thanks. Yes, when I installed the latest stunnel-4.36 it works.
>>
>> One strange thing I notice. When I do ssl connect with psql I am
>> supposed to get a message like
>>
>> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
>>
>> With client side stunnel and (nonssl capable) psql I am not getting
>> this message. But still the connection seems to be ssl..
>
> it is? try setting up your connection string to require ssl.
>
I assume it is because in pg_hba.conf "hostssl" is specified for this
client ip/user/database. Plus I check ps output on the server during
the connection and postgres server reports that connection is from the
ip address specified in pg_hba.conf
Here is what I tried
---------------
PGSSLMODE=require bin/psql -h 127.0.0.1 -U xmpp xmpp
psql: server does not support SSL, but SSL was required
--------------
Just so I don't get confused between multiple lines in pg_hba.conf I
also deleted all other lines in it and retested. Assuming postgres
server is correctly applying the restrictions in pg_hba.conf, and
assuming the out put of "ps" is reliable then I am doing an ssl
connection but somehow psql does not think so and does not work unless
I drop PGSSLMODE=require
