Thread: 8.1dev ssl broke?

8.1dev ssl broke?

From

"Joshua D. Drake"

Date:

07 July 2005, 16:30:47

I pulled cvs today and performed the following:

./configure --with-openssl --prefix=/tmp/pgsqldev
make install
cd /tmp/pgsqldev
initdb --no-locale -D data -l data/serverlog

pg_hba.conf lines:

# "local" is for Unix domain socket connections only
#local   all         all                               trust
# IPv4 local connections:
hostssl   all         all         127.0.0.1/32        trust
# IPv6 local connections:
host    all         all         ::1/128               trust

postgresql.conf

listen_addresses = 'localhost'  # what IP interface(s) to listen on;                                # defaults to
localhost,'*' = any
 
port = 5432
ssl = on


When I try to connect I get:


LOG:  redo record is at 0/34D73C; undo record is at 0/0; shutdown TRUE
LOG:  next transaction ID: 561; next OID: 16385
LOG:  next MultiXactId: 1; next MultiXactOffset: 0
LOG:  database system is ready
LOG:  transaction ID wrap limit is 2147484132, limited by database 
"postgres"
LOG:  invalid entry in file "/tmp/pgsqldev/data/pg_hba.conf" at line 73, 
token "hostssl"
FATAL:  missing or erroneous pg_hba.conf file
HINT:  See server log for details.
DEBUG:  forked new backend, pid=26717 socket=6
DEBUG:  server process (PID 26717) exited with exit code 0

If I change the entries to:

# "local" is for Unix domain socket connections only
#local   all         all                               trust
# IPv4 local connections:
host   all         all         127.0.0.1/32        trust
# IPv6 local connections:
host    all         all         ::1/128               trust

Everything works fine.

Sincerely,

Joshua D. Drake


-- 
Your PostgreSQL solutions company - Command Prompt, Inc. 1.800.492.2240
PostgreSQL Replication, Consulting, Custom Programming, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: plPHP, plPerlNG - http://www.commandprompt.com/

Re: 8.1dev ssl broke?

From

"Joshua D. Drake"

Date:

07 July 2005, 16:36:29

FYI: I also followed the instructions per:

http://developer.postgresql.org/docs/postgres/ssl-tcp.html

Joshua D. Drake wrote:
> I pulled cvs today and performed the following:
> 
> ./configure --with-openssl --prefix=/tmp/pgsqldev
> make install
> cd /tmp/pgsqldev
> initdb --no-locale -D data -l data/serverlog
> 
> pg_hba.conf lines:
> 
> # "local" is for Unix domain socket connections only
> #local   all         all                               trust
> # IPv4 local connections:
> hostssl   all         all         127.0.0.1/32        trust
> # IPv6 local connections:
> host    all         all         ::1/128               trust
> 
> postgresql.conf
> 
> listen_addresses = 'localhost'  # what IP interface(s) to listen on;
>                                 # defaults to localhost, '*' = any
> port = 5432
> ssl = on
> 
> 
> When I try to connect I get:
> 
> 
> LOG:  redo record is at 0/34D73C; undo record is at 0/0; shutdown TRUE
> LOG:  next transaction ID: 561; next OID: 16385
> LOG:  next MultiXactId: 1; next MultiXactOffset: 0
> LOG:  database system is ready
> LOG:  transaction ID wrap limit is 2147484132, limited by database 
> "postgres"
> LOG:  invalid entry in file "/tmp/pgsqldev/data/pg_hba.conf" at line 73, 
> token "hostssl"
> FATAL:  missing or erroneous pg_hba.conf file
> HINT:  See server log for details.
> DEBUG:  forked new backend, pid=26717 socket=6
> DEBUG:  server process (PID 26717) exited with exit code 0
> 
> If I change the entries to:
> 
> # "local" is for Unix domain socket connections only
> #local   all         all                               trust
> # IPv4 local connections:
> host   all         all         127.0.0.1/32        trust
> # IPv6 local connections:
> host    all         all         ::1/128               trust
> 
> Everything works fine.
> 
> Sincerely,
> 
> Joshua D. Drake
> 
> 


-- 
Your PostgreSQL solutions company - Command Prompt, Inc. 1.800.492.2240
PostgreSQL Replication, Consulting, Custom Programming, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: plPHP, plPerlNG - http://www.commandprompt.com/

Re: 8.1dev ssl broke?

From

Michael Fuhr

Date:

07 July 2005, 17:10:47

On Thu, Jul 07, 2005 at 12:30:35PM -0700, Joshua D. Drake wrote:
> I pulled cvs today and performed the following:
> 
> ./configure --with-openssl --prefix=/tmp/pgsqldev

Did the build actually find OpenSSL?  Does "ldd postgres" show it
linked against libcrypto and libssl (I'm assuming those are shared
libraries on your system)?

> LOG:  invalid entry in file "/tmp/pgsqldev/data/pg_hba.conf" at line 73, 
> token "hostssl"

No problems here with the latest HEAD.  Is it possible that you're
running a non-SSL enabled postmaster, either because the build didn't
find OpenSSL or because the postmaster you ran is from a different
build?

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/

Re: 8.1dev ssl broke?

From

"Joshua D. Drake"

Date:

07 July 2005, 17:21:47

Michael Fuhr wrote:
> On Thu, Jul 07, 2005 at 12:30:35PM -0700, Joshua D. Drake wrote:
> 
>>I pulled cvs today and performed the following:
>>
>>./configure --with-openssl --prefix=/tmp/pgsqldev
> 
> 
> Did the build actually find OpenSSL?  Does "ldd postgres" show it
> linked against libcrypto and libssl (I'm assuming those are shared
> libraries on your system)?

Bingo... I didn't think about the ldd. **notes** make clean before
recompiling ;)

Sincerely,

Joshua D. Drake




-- 
Your PostgreSQL solutions company - Command Prompt, Inc. 1.800.492.2240
PostgreSQL Replication, Consulting, Custom Programming, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: plPHP, plPerlNG - http://www.commandprompt.com/