Thread: SSL Connection / Windows + Cygwin + PostgreSQL 7.4 Beta 1 question
Hello:

I'm trying to establish a TLS connection to PostgreSQL 7.4 beta 1 on Windows and Cygwin using C#. I have configured PostgreSQL as explained here:

http://developer.postgresql.org/docs/postgres/ssl-tcp.html

Is there anything more that needs to be done in order to run SSL/TLS connections to a PostgreSQL server?

It seems that I can start to establish the connection and receive the ServerHello message, but I always get an IO exception (from C# sockets) when I send the Client Finished TLS message (if I try to connect to an inet SSL server like ssl.netcraft.com:443 I can complete the Handshake protocol). Any idea of what I may have configured badly or what I'm doing wrong?

Now two questions about the SSL Request message:

1. I'm getting as response an 'S' instead of a 'Y'. Is this OK?
2. In which format are the error messages for an SSL Request sent? (I ask this because I think they are sent in 2.0 format, am I right?)

Thanks in advance.

--
Best regards
Carlos Guzmán Álvarez
Vigo-Spain
Carlos Guzman Alvarez <carlosga@telefonica.net> writes:
> Now two questions about SSL Request message:
> 1. I'm getting as response an 'S' instead of an 'Y' is this ok ??

Doesn't sound right. A recent (7.1 or later) postmaster will always return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest code and will return an 'E' message bleating about bad protocol number.

> 2. In which format are sent the error messages for an SSL Request ?? (I
> ask this because I think they are sent in 2.0 format, I'm right??)

Always 2.0, because only a pre-7.1 postmaster will return an error. It's not clear to me that you really need to bother to parse the message, though. The only thing you can do is close the connection and try again non-SSL (or fail if you don't want non-SSL).

regards, tom lane
Hello:

> Doesn't sound right. A recent (7.1 or later) postmaster will always
> return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
> code and will return an 'E' message bleating about bad protocol number.

Hmmm ... OK, I'm going to reinstall it from the latest snapshot :)

> Always 2.0, because only a pre-7.1 postmaster will return an error.
> It's not clear to me that you really need to bother to parse the
> message, though. The only thing you can do is close the connection
> and try again non-SSL (or fail if you don't want non-SSL).

OK, thanks. Really, I don't need to parse it, but it's not bad to know that the message is sent in 2.0 format :)

--
Best regards
Carlos Guzmán Álvarez
Vigo-Spain
Barry Lind <blind@xythos.com> writes:
> I also see S and N, and do for the database versions I have tested
> against (7.2, 7.3 and 7.4). I always thought this was just a doc bug
> with the FE/BE protocol docs.

[checks code] ... You are right. I will fix the docs.

regards, tom lane
Tom,

I also see S and N, and do for the database versions I have tested against (7.2, 7.3 and 7.4). I always thought this was just a doc bug with the FE/BE protocol docs.

--Barry

Tom Lane wrote:
> Carlos Guzman Alvarez <carlosga@telefonica.net> writes:
>
>> Now two questions about SSL Request message:
>
>> 1. I'm getting as response an 'S' instead of an 'Y' is this ok ??
>
> Doesn't sound right. A recent (7.1 or later) postmaster will always
> return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
> code and will return an 'E' message bleating about bad protocol number.
>
>> 2. In which format are sent the error messages for an SSL Request ?? (I
>> ask this because I think they are sent in 2.0 format, I'm right??)
>
> Always 2.0, because only a pre-7.1 postmaster will return an error.
> It's not clear to me that you really need to bother to parse the
> message, though. The only thing you can do is close the connection
> and try again non-SSL (or fail if you don't want non-SSL).
>
> regards, tom lane
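The SSLRequest exchange discussed in the messages above, as an added example that is not part of the original thread: a Python client-side check that sends SSLRequest, reads the single reply byte ('S' or 'N' as confirmed in the thread, 'E' from a pre-7.1 postmaster) and fails closed when SSL is required. The names `negotiate_ssl`, `SSLNegotiationError`, `require_ssl` and the in-process peer in `demo` are assumptions made for illustration.

```python
import socket
import struct

# SSLRequest: Int32 length (8) + Int32 request code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)


class SSLNegotiationError(Exception):
    """Raised when SSL is required and the server cannot provide it."""


def negotiate_ssl(sock, require_ssl=True):
    """Send SSLRequest and classify the server's one-byte answer.

    Returns "tls" when the TLS handshake should start on this socket, or
    "plain" when the caller should close it and reconnect without SSL.
    """
    sock.sendall(SSL_REQUEST)
    # Read exactly one byte: anything after it belongs to the TLS handshake.
    reply = sock.recv(1)
    if reply == b"S":
        return "tls"
    if reply == b"N":
        reason = "server is unwilling to do SSL"
    elif reply == b"E":
        # Pre-7.1 postmaster: error in 2.0 format; no need to parse it.
        reason = "server does not recognize SSLRequest"
    else:
        raise SSLNegotiationError("unexpected SSLRequest reply: %r" % reply)
    if require_ssl:
        raise SSLNegotiationError(reason)  # fail closed, no silent downgrade
    return "plain"


def demo(server_reply, require_ssl):
    """Run negotiate_ssl against a constructed in-process peer (not a real server)."""
    client, server = socket.socketpair()
    try:
        server.sendall(server_reply)  # constructed reply, queued for the client
        result = negotiate_ssl(client, require_ssl)
        assert server.recv(8) == SSL_REQUEST  # peer saw a well-formed SSLRequest
        return result
    finally:
        client.close()
        server.close()
```

With `require_ssl=True` an 'N' or 'E' answer raises instead of returning "plain", so a client that must use TLS never falls back to cleartext.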
Hello:

A last question. I'm reviewing why I can finish the TLS Handshake protocol, and I have these two entries in the postgres log:

LOG: could not load root cert file "/usr/local/pgsql/data/root.crt": No such file or directory
LOG: could not initialize SSL connection: tls rsa encrypted value length is wrong

I think this can only be a problem with the test certificate (which I created as explained at http://developer.postgresql.org/docs/postgres/ssl-tcp.html)? Is there any other way to create it?

--
Best regards
Carlos Guzmán Álvarez
Vigo-Spain