Re: [7.3] can't connect with SSL - Mailing list pgsql-general
| From | Bruce Momjian |
|---|---|
| Subject | Re: [7.3] can't connect with SSL |
| Date | |
| Msg-id | 200212061744.gB6HiDx21797@candle.pha.pa.us Whole thread Raw |
| In response to | [7.3] can't connect with SSL (valerian <valerian2@hotpop.com>) |
| Responses |
Re: [7.3] can't connect with SSL
|
| List | pgsql-general |
We did overhaul the SSL code for 7.3, and I was able to get it working using OpenSSL 0.9.6e 30 Jul 2002. Have you read the new SSL documentation in 7.3? --------------------------------------------------------------------------- valerian wrote: > I just upgraded my server from 7.2.1 to 7.3 last night, and can no longer > connect over SSL (unencrypted connections still work ok, but I really need > SSL). I get the following error messages when I try to connect: > > psql (PostgreSQL client) 7.2.1 > psql: could not establish SSL connection: No SSL error reported > > serverlog: > FATAL: failed to initialize SSL connection: wrong version number > > I have the same version of openssl on both the client and server > machines. Both are running Debian 3.0, with these libs: > - libssl-dev 0.9.6c-2.woody SSL development libraries, header files > - libssl0.9.6 0.9.6c-2.woody SSL shared libraries > - openssl 0.9.6c-2.woody Secure Socket Layer (SSL) binary and related > > My server configuration is like so (everything else is default): > > pg_hba.conf: > # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD > local all all crypt > hostssl all all 0.0.0.0 0.0.0.0 md5 > > postgresql.conf: > tcpip_socket = true > ssl = true > > It was of course also configured for use with SSL: > /configure --with-perl --with-openssl=/usr/include/openssl > checking for SSL_library_init in -lssl... yes > checking openssl/ssl.h usability... yes > checking openssl/ssl.h presence... yes > checking for openssl/ssl.h... yes > checking openssl/err.h usability... yes > checking openssl/err.h presence... yes > checking for openssl/err.h... yes > > Now it sounds to me like this is an SSL handshake problem, but I don't > see why, because I have exactly the same version of openssl on both the > client and server machines. On my client machine, I still have v7.2.1 > of 'psql' (the client binary) as that's what came bundled with my > operating system. I'm fairly certain that's not what's causing the > problem though (or is it?) > > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
pgsql-general by date: