Thread: ssl support

ssl support

From

Steve Holdoway

Date:

28 June 2004, 10:44:57

Listers,

Has anyone managed to connect in using ssl to a remote database, or is
it just me? I see that the snapshot is compiles with ssl support, but I
can only connect via unencrypted means.

I have installed Openssl 0.9.7d on the windows client, and the remote
server. Connecting from a linux client doesn't have this problem.

Any ideas on this would be gratfully received.

Cheers,

Steve

Re: ssl support

From

Tom Lane

Date:

28 June 2004, 10:52:02

Steve Holdoway <steve@treshna.com> writes:
> Has anyone managed to connect in using ssl to a remote database, or is
> it just me?

I'd say "it's just you", but since I have little experience with using
this stuff on Windoze, there may be some platform issues involved too.

> I see that the snapshot is compiles with ssl support, but I
> can only connect via unencrypted means.

This is *not* a sufficient report --- tell us exactly what you tried and
what error messages you get.  The contents of the server's pg_hba.conf
file might be enlightening as well.

            regards, tom lane

Re: ssl support

From

Steve Holdoway

Date:

28 June 2004, 11:19:19

Tom Lane wrote:

>Steve Holdoway <steve@treshna.com> writes:
>
>
>>Has anyone managed to connect in using ssl to a remote database, or is
>>it just me?
>>
>>
>
>I'd say "it's just you", but since I have little experience with using
>this stuff on Windoze, there may be some platform issues involved too.
>
>
>
>>I see that the snapshot is compiles with ssl support, but I
>>can only connect via unencrypted means.
>>
>>
>
>This is *not* a sufficient report --- tell us exactly what you tried and
>what error messages you get.  The contents of the server's pg_hba.conf
>file might be enlightening as well.
>
>            regards, tom lane
>
>---------------------------(end of broadcast)---------------------------
>TIP 8: explain analyze is your friend
>
>
1. Download and install openssl-0.9.7d.
2. Download todays snapshot from hagander.net, and install.

3. with relevant entry in pg_hba.conf...
host    all         all         192.168.1.0       255.255.255.0     trust

a. Windoze
psql -U... -d... -h... database
Welcome to psql 7.5devel, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

Warning: Console codepage (437) differs from windows codepage (1252)
       8-bit characters will not work correctly. See PostgreSQL
       documentation "Installation on Windows" for details.

db#

b. Linux
psql -U... -d... -h... database
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

db#

4. with relevant entry in pg_hba.conf...
hostssl    all         all         192.168.1.0       255.255.255.0     trust

a. Windows
psql -U... -d... -h... database
psql: FATAL:  no pg_hba.conf entry for host "192.168.1.24", user ...,
database ..., SSL off

b. Linux
psql -U... -d... -h... database
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash command
       \g or terminate with semicolon to execute query
       \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

db#


I have tried this on a number of linux clients, some of whom have had
ssl enabled in postgres, and some who haven't.  All use ssl connections.

I can only assume that there is a step on the Windoze client that I've
missed out on.

Steve

Re: ssl support

From

"Dave Page"

Date:

28 June 2004, 15:13:32


> -----Original Message-----
> From: pgsql-hackers-win32-owner@postgresql.org
> [mailto:pgsql-hackers-win32-owner@postgresql.org] On Behalf
> Of Tom Lane
> Sent: 28 June 2004 04:52
> To: Steve Holdoway
> Cc: pgsql-hackers-win32@postgresql.org
> Subject: Re: [pgsql-hackers-win32] ssl support
>
> Steve Holdoway <steve@treshna.com> writes:
> > Has anyone managed to connect in using ssl to a remote
> database, or is
> > it just me?
>
> I'd say "it's just you", but since I have little experience
> with using this stuff on Windoze, there may be some platform
> issues involved too.

I believe Merlin is currently not including SSL support in the snapshot
despite what the download page says.

Regards, Dave

Re: ssl support

From

"Merlin Moncure"

Date:

28 June 2004, 19:09:06

> > Steve Holdoway <steve@treshna.com> writes:
> > > Has anyone managed to connect in using ssl to a remote
> > database, or is
> > > it just me?
> >
> > I'd say "it's just you", but since I have little experience
> > with using this stuff on Windoze, there may be some platform
> > issues involved too.
>
> I believe Merlin is currently not including SSL support in the
snapshot
> despite what the download page says.

That is correct, but today I'll address that.  The issue with SSL is
receiving signals while the connection is waiting.  If that works then
everything is good to go.

Merlin

Re: ssl support

From

Andrew Dunstan

Date:

28 June 2004, 20:33:10

Dave Page wrote:

>
>
>
>I believe Merlin is currently not including SSL support in the snapshot
>despite what the download page says.
>
>
>

You can discover the actual configuration setup used in the distribution
by examining the file bin/pg_config

cheers

andrew