Re: SSL Mode - Mailing list pgsql-admin
From | Bruce Momjian |
---|---|
Subject | Re: SSL Mode |
Date | |
Msg-id | 200212232227.gBNMRhH00527@candle.pha.pa.us |
In response to | Re: SSL Mode (Bruce Momjian <pgman@candle.pha.pa.us>) |
Responses | Re: SSL Mode |
List | pgsql-admin |
Patch attached. Will appear in 7.3.2 and 7.4.

---------------------------------------------------------------------------

Bruce Momjian wrote:
> Dan Langille wrote:
> > On Mon, 23 Dec 2002, Tom Lane wrote:
> >
> > > "Rob Abernethy IV" <abernethy@dynedge.com> writes:
> > > > I cannot get the postmaster to start up in SSL mode. I receive the following
> > > > error:
> > > > bad permissions on private key file (/var/lib/pgsql/data/server.key)
> > >
> > > > -rw-r--r-- 1 postgres postgres 3223 Dec 18 17:10 server.crt
> > > > -rw-r--r-- 1 postgres postgres 887 Dec 18 17:10 server.key
> > >
> > > I think it wants the private key file to be mode 600 or less --- a
> > > world-readable private key isn't very private, hmm?
> >
> > Is this a good candidate for error message improvement?
>
> Yes. I will take care of it.
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman@candle.pha.pa.us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square, Pennsylvania 19073
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

Index: src/backend/libpq/be-secure.c =================================================================== RCS file: /cvsroot/pgsql-server/src/backend/libpq/be-secure.c,v retrieving revision 1.20 diff -c -c -r1.20 be-secure.c *** src/backend/libpq/be-secure.c 18 Dec 2002 13:15:12 -0000 1.20 --- src/backend/libpq/be-secure.c 23 Dec 2002 22:13:12 -0000 *************** *** 616,622 **** if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) || buf.st_uid != getuid()) { ! 
postmaster_error("bad permissions on private key file (%s)", fnbuf); ExitPostmaster(1); } if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM)) --- 616,624 ---- if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) || buf.st_uid != getuid()) { ! postmaster_error("bad permissions on private key file (%s)\n" ! "File must be owned by the proper user and must have no permissions for\n" ! "\"group\" or \"other\".", fnbuf); ExitPostmaster(1); } if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
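Review bot: the expanded postmaster_error() text still reports three distinct failures as one. The condition directly above it rejects the file when it is not a regular file (!S_ISREG(buf.st_mode)), when any group or other bit is set (buf.st_mode & 0077), or when buf.st_uid != getuid(). The hint covers the last two but says nothing about the non-regular-file case, so an administrator who hits that case is told to fix permissions and ownership that may already be correct. "Owned by the proper user" is also vague: the check compares against the uid of the running process, so the message could say the file must be owned by the user the postmaster runs as. Consider splitting the test so each cause gets its own message, or at least adding "must be a regular file" to the hint, and naming a concrete mode (the thread's "mode 600 or less") so the reader does not have to translate "no permissions for group or other" into a chmod argument.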