Thread: solaris and openssl
I’m trying to get the 9.03.0300 odbc driver to work with ssl on solaris. I get it to build fine. But as soon as I add the sslmode connection option I’m getting rejected on the client end with the generic error. I don’t see anything in the server logs (log_connections is turned on).
could not connect to server:
No such file or directory Is the server running on host "<hostname>"
(<ip_address>) and accepting TCP/IP connections on port 5432?
I know the server is up and running and accepting ssl connections because I can connect to it from windows and linux both with and without ssl. And the connection works fine without the sslmode option from solaris.
ldd doesn’t report any missing shared objects. Nor does truss, though it appears from the truss log it may be searching the odbcinst for something. I can’t seem to locate any unixodbc or postgresql doc that indicates any ssl odbcinst settings.
Any ideas?
On 09/17/2014 08:09 AM, Keith Handlon wrote: > I’m trying to get the 9.03.0300 odbc driver to work with ssl on > solaris. I get it to build fine. But as soon as I add the sslmode > connection option I’m getting rejected on the client end with the > generic error. I don’t see anything in the server logs (log_connections > is turned on). > > could not connect to server: > > No such file or directory Is the server running on host "<hostname>" > > (<ip_address>) and accepting TCP/IP connections on port 5432? Is your server running on port 5432? > > I know the server is up and running and accepting ssl connections > because I can connect to it from windows and linux both with and without > ssl. And the connection works fine without the sslmode option from solaris. What is the sslmode you are using? What are your pg_hba.conf settings that cover the solaris client? > > ldd doesn’t report any missing shared objects. Nor does truss, though > it appears from the truss log it may be searching the odbcinst for > something. I can’t seem to locate any unixodbc or postgresql doc that > indicates any ssl odbcinst settings. > > Any ideas? > -- Adrian Klaver adrian.klaver@aklaver.com
Yes, the server is running on port 5432. The server is setup using self-signed certificate. Any option for sslmode but disabled returns that error. Allow, prefer,require, etc... The servers hba_pg.conf is set up like so: # "local" is for Unix domain socket connections only local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: #host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. #local replication dbmsowner md5 #host replication dbmsowner 127.0.0.1/32 md5 #host replication dbmsowner ::1/128 md5 # host all all all md5 hostssl all all ::1/128 trust
On 09/17/2014 08:27 AM, Keith Handlon wrote: > Yes, the server is running on port 5432. Not sure that it matters, but what machine is the server running on? In other words is solaris a remote client? > > The server is setup using self-signed certificate. Any option for sslmode but disabled returns that error. Allow, prefer,require, etc... > > The servers hba_pg.conf is set up like so: > > # "local" is for Unix domain socket connections only > local all all md5 > # IPv4 local connections: > host all all 127.0.0.1/32 md5 > # IPv6 local connections: > #host all all ::1/128 md5 > # Allow replication connections from localhost, by a user with the > # replication privilege. > #local replication dbmsowner md5 > #host replication dbmsowner 127.0.0.1/32 md5 > #host replication dbmsowner ::1/128 md5 > # > host all all all md5 > hostssl all all ::1/128 trust > Not seeing anything obvious. What is the rest of your connection string? > > -- Adrian Klaver adrian.klaver@aklaver.com
Yes, it's a remote client. The server is running on a linux machine. Example connection string: DRIVER=PostgreSQL;SERVER=<hostname>;UID=<user>;PWD=<password>;DATABASE=postgres;PORT=5432;SSLMODE=allow -----Original Message----- From: Adrian Klaver [mailto:adrian.klaver@aklaver.com] Sent: Wednesday, September 17, 2014 11:40 AM To: Keith Handlon; pgsql-odbc@postgresql.org Subject: Re: [ODBC] solaris and openssl On 09/17/2014 08:27 AM, Keith Handlon wrote: > Yes, the server is running on port 5432. Not sure that it matters, but what machine is the server running on? In other words is solaris a remote client? > > The server is setup using self-signed certificate. Any option for sslmode but disabled returns that error. Allow, prefer,require, etc... > > The servers hba_pg.conf is set up like so: > > # "local" is for Unix domain socket connections only > local all all md5 > # IPv4 local connections: > host all all 127.0.0.1/32 md5 > # IPv6 local connections: > #host all all ::1/128 md5 > # Allow replication connections from localhost, by a user with the # > replication privilege. > #local replication dbmsowner md5 > #host replication dbmsowner 127.0.0.1/32 md5 > #host replication dbmsowner ::1/128 md5 > # > host all all all md5 > hostssl all all ::1/128 trust > Not seeing anything obvious. What is the rest of your connection string? > > -- Adrian Klaver adrian.klaver@aklaver.com
On 09/17/2014 06:44 PM, Keith Handlon wrote: > Yes, it's a remote client. The server is running on a linux machine. > > Example connection string: > DRIVER=PostgreSQL;SERVER=<hostname>;UID=<user>;PWD=<password>;DATABASE=postgres;PORT=5432;SSLMODE=allow Can you connect with psql from the same client host? - Heikki
On 09/17/2014 08:44 AM, Keith Handlon wrote: > Yes, it's a remote client. The server is running on a linux machine. > > Example connection string: > DRIVER=PostgreSQL;SERVER=<hostname>;UID=<user>;PWD=<password>;DATABASE=postgres;PORT=5432;SSLMODE=allow > I know you said it built ok, but did it build with ssl? A peek into config.log might be in order. -- Adrian Klaver adrian.klaver@aklaver.com
Yes it did. I got it to work against a server I set up on the same solaris machine. Though I had to set up the <home>/.postgesql/postgresql.crtand postgresql.key. As it gave me informative error messages. Though that seems odd forSelf-signed Cert, as I need nothing to connect with ssl from windows. Still get that same generic error against the linux server though. -----Original Message----- From: Adrian Klaver [mailto:adrian.klaver@aklaver.com] Sent: Wednesday, September 17, 2014 11:57 AM To: Keith Handlon; pgsql-odbc@postgresql.org Subject: Re: [ODBC] solaris and openssl On 09/17/2014 08:44 AM, Keith Handlon wrote: > Yes, it's a remote client. The server is running on a linux machine. > > Example connection string: > DRIVER=PostgreSQL;SERVER=<hostname>;UID=<user>;PWD=<password>;DATABASE=postgres;PORT=5432;SSLMODE=allow > I know you said it built ok, but did it build with ssl? A peek into config.log might be in order. -- Adrian Klaver adrian.klaver@aklaver.com