Thread: Is this a known feature of 8.1 SSL connection?
I don't recall this being an issue with 8.4 I am also using
Say your 8.1 server has SSL on. Even though pg_hba.conf have
host or hostnossl .... md5
either server or 8.1 psql insists that you have .postgresql/postgresql.*
Does that make sense to you?
Note: no "cert" in pg_hba.conf
On Mon, Nov 01, 2010 at 11:54:25AM -0400, zhong ming wu wrote:
> I don't recall this being an issue with 8.4 I am also using
>
> Say your 8.1 server has SSL on. Even though pg_hba.conf have
>
> host or hostnossl .... md5
>
> either server or 8.1 psql insists that you have .postgresql/postgresql.*
>
> Does that make sense to you?
>
> Note: no "cert" in pg_hba.conf

no, that does not make sense to me, however, I don't have an 8.x to play with.

In 9.0.1,
with hostnossl+md5
ssl=on
no ~/.postgresql on the client

$ psql -p 5498 template1 postgres
Password for user postgres:
psql (9.0.1)
Type "help" for help.

template1=# \q

what is the postmaster msg exactly?
On Tue, Nov 2, 2010 at 11:25 AM, Ray Stell <stellr@cns.vt.edu> wrote:
> On Tue, Nov 02, 2010 at 09:03:59AM -0400, zhong ming wu wrote:
>> On Mon, Nov 1, 2010 at 5:06 PM, Ray Stell <stellr@cns.vt.edu> wrote:
>> >
>> > no, that does not make sense to me, however, I don't have an 8.x to play
>> with.
>> >
>> > In 9.0.1,
>> > with hostnossl+md5
>> > ssl=on
>> > no ~/.postgresql on the client
>> >
>> > $ psql -p 5498 template1 postgres
>> > Password for user postgres:
>> > psql (9.0.1)
>> > Type "help" for help.
>> >
>> > template1=# \q
>> >
>> > what is the postmaster msg exactly?
>> >
>>
>> psql 8.1 Client on 32 bit. 8.1 Server on 64 bit. Both centos 5.4.
>>
>> Client message:
>> -----------------------
>> psql: could not open certificate file
>> "/some/path/.postgresql/postgresql.crt" no such file ro directory
>> ------------------
>> Server log:
>> ----------------------
>> Could not accept SSL connection: peer did not return a certificate.
>> -----------------------
>>
>> Now when a certificate was supplied the connection was made successfully with
>> hostnossl
>>
>> And at the psql prompt, I do not get "ssl connection" details as expected
>> for hostnossl connection.
>>
>> The psql command used
>>
>> psql -h 192.168.56.101 -U testuser test
>
> well, that is really strange. I wish I could help you by looking at an 8.x
> install, but I don't have time right now. If we assume the code works the
> same way in 8 and 9, which I think they probably do, then I'd have to ask
> if you are sure you are looking at the right config. Maybe you have more
> than one test db? I'm sure you are not making that mistake.
>
>
Good question. First, it's not easy to get confused like this because server logs live in $PGDATA/pg_log/ and pg_hba.conf is in $PGDATA.
That is the production system where I first experienced the error.
The errors I sent you above were generated on two freshly made virtualboxes with prepackaged 8.1 that comes with centos.
On Tue, Nov 2, 2010 at 1:43 PM, Ray Stell <stellr@cns.vt.edu> wrote:
>>
>> Good question. First, it's not easy to get confused like this because server
>> logs live in $PGDATA/pg_log/
>
>
> this is configurable in postgresql.conf. you can set the logs to any dir
> that exists and is writable by the software owner. Doing that will make it
> more clear what db you are really working with. I redirect to home:
>
> log_directory = '/home/postgres/log/atlassian'
>
Sure. What I meant was that it was configured to what I wrote above and that I was not looking in the wrong log.
Sorry to top post but it's this email client ..
pg_hba.conf is bare bone
Besides it asks for certs but it obviously does not do SSL connection at the end
On Nov 2, 2010 2:12 PM, "Ray Stell" <stellr@cns.vt.edu> wrote:
On Tue, Nov 02, 2010 at 01:54:34PM -0400, zhong ming wu wrote:
> On Tue, Nov 2, 2010 at 1:43 PM, Ray...
oh, well so the 8.1 pg is doing something strange then. the only other thing
I can think of is that maybe the rules in pg_hba are top down and it hits
a rule before the one you are reporting. I'm not exactly sure that's how
it works, but that would explain the problem.
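
The top-down question raised in the last message can be checked against PostgreSQL's documented rule: the first pg_hba.conf record that matches the connection type, database, user and client address is used, and there is no fall-through to later records. The following is an added example, not code from the thread or from PostgreSQL, that evaluates a constructed pg_hba.conf this way. It assumes only `host`/`hostssl`/`hostnossl` records with CIDR addresses and literal or `all` database and user names; `parse_hba` and `first_match` are hypothetical helper names.

```python
import ipaddress

# Constructed sample pg_hba.conf (not the poster's file). The broad "host"
# record on line 4 shadows the narrower "hostnossl ... md5" record on line 5.
SAMPLE_HBA = """
# TYPE     DATABASE  USER      ADDRESS          METHOD
hostssl    all       all       192.168.56.0/24  md5
host       test      all       192.168.56.0/24  reject
hostnossl  test      testuser  192.168.56.0/24  md5
"""

def parse_hba(text):
    """Return (lineno, type, dbs, users, network, method) per host* record."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # blank line, comment, "local", or a form not handled here
        ctype, dbs, users, addr, method = fields[:5]
        records.append((lineno, ctype, dbs.split(","), users.split(","),
                        ipaddress.ip_network(addr), method))
    return records

def first_match(records, ssl, db, user, client_ip):
    """Return (lineno, method) of the first matching record, or None."""
    ip = ipaddress.ip_address(client_ip)
    for lineno, ctype, dbs, users, net, method in records:
        if ctype == "hostssl" and not ssl:
            continue  # hostssl matches only SSL connections
        if ctype == "hostnossl" and ssl:
            continue  # hostnossl matches only non-SSL connections
        if "all" not in dbs and db not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        if ip not in net:
            continue
        return lineno, method  # first match wins; later records are ignored
    return None  # no record matched: the server refuses the connection

if __name__ == "__main__":
    recs = parse_hba(SAMPLE_HBA)
    for ssl in (True, False):
        hit = first_match(recs, ssl, "test", "testuser", "192.168.56.102")
        print("ssl" if ssl else "no ssl", "->", hit)
```

Running it against a copy of the server's real pg_hba.conf, with the client address and user from the failing `psql` command, shows which record decides the connection and whether an earlier one shadows the record under test.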