Thread: ssl support
Listers, Has anyone managed to connect in using ssl to a remote database, or is it just me? I see that the snapshot is compiles with ssl support, but I can only connect via unencrypted means. I have installed Openssl 0.9.7d on the windows client, and the remote server. Connecting from a linux client doesn't have this problem. Any ideas on this would be gratfully received. Cheers, Steve
Steve Holdoway <steve@treshna.com> writes: > Has anyone managed to connect in using ssl to a remote database, or is > it just me? I'd say "it's just you", but since I have little experience with using this stuff on Windoze, there may be some platform issues involved too. > I see that the snapshot is compiles with ssl support, but I > can only connect via unencrypted means. This is *not* a sufficient report --- tell us exactly what you tried and what error messages you get. The contents of the server's pg_hba.conf file might be enlightening as well. regards, tom lane
Tom Lane wrote: >Steve Holdoway <steve@treshna.com> writes: > > >>Has anyone managed to connect in using ssl to a remote database, or is >>it just me? >> >> > >I'd say "it's just you", but since I have little experience with using >this stuff on Windoze, there may be some platform issues involved too. > > > >>I see that the snapshot is compiles with ssl support, but I >>can only connect via unencrypted means. >> >> > >This is *not* a sufficient report --- tell us exactly what you tried and >what error messages you get. The contents of the server's pg_hba.conf >file might be enlightening as well. > > regards, tom lane > >---------------------------(end of broadcast)--------------------------- >TIP 8: explain analyze is your friend > > 1. Download and install openssl-0.9.7d. 2. Download todays snapshot from hagander.net, and install. 3. with relevant entry in pg_hba.conf... host all all 192.168.1.0 255.255.255.0 trust a. Windoze psql -U... -d... -h... database Welcome to psql 7.5devel, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help on internal slash commands \g or terminate with semicolon to execute query \q to quit Warning: Console codepage (437) differs from windows codepage (1252) 8-bit characters will not work correctly. See PostgreSQL documentation "Installation on Windows" for details. db# b. Linux psql -U... -d... -h... database Welcome to psql 7.4.2, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help on internal slash commands \g or terminate with semicolon to execute query \q to quit SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) db# 4. with relevant entry in pg_hba.conf... hostssl all all 192.168.1.0 255.255.255.0 trust a. Windows psql -U... -d... -h... database psql: FATAL: no pg_hba.conf entry for host "192.168.1.24", user ..., database ..., SSL off b. Linux psql -U... -d... -h... database Welcome to psql 7.4.2, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help on internal slash command \g or terminate with semicolon to execute query \q to quit SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) db# I have tried this on a number of linux clients, some of whom have had ssl enabled in postgres, and some who haven't. All use ssl connections. I can only assume that there is a step on the Windoze client that I've missed out on. Steve
> -----Original Message----- > From: pgsql-hackers-win32-owner@postgresql.org > [mailto:pgsql-hackers-win32-owner@postgresql.org] On Behalf > Of Tom Lane > Sent: 28 June 2004 04:52 > To: Steve Holdoway > Cc: pgsql-hackers-win32@postgresql.org > Subject: Re: [pgsql-hackers-win32] ssl support > > Steve Holdoway <steve@treshna.com> writes: > > Has anyone managed to connect in using ssl to a remote > database, or is > > it just me? > > I'd say "it's just you", but since I have little experience > with using this stuff on Windoze, there may be some platform > issues involved too. I believe Merlin is currently not including SSL support in the snapshot despite what the download page says. Regards, Dave
> > Steve Holdoway <steve@treshna.com> writes: > > > Has anyone managed to connect in using ssl to a remote > > database, or is > > > it just me? > > > > I'd say "it's just you", but since I have little experience > > with using this stuff on Windoze, there may be some platform > > issues involved too. > > I believe Merlin is currently not including SSL support in the snapshot > despite what the download page says. That is correct, but today I'll address that. The issue with SSL is receiving signals while the connection is waiting. If that works then everything is good to go. Merlin
Dave Page wrote: > > > >I believe Merlin is currently not including SSL support in the snapshot >despite what the download page says. > > > You can discover the actual configuration setup used in the distribution by examining the file bin/pg_config cheers andrew