Re: [7.3] can't connect with SSL

We did overhaul the SSL code for 7.3, and I was able to get it working
using OpenSSL 0.9.6e 30 Jul 2002. Have you read the new SSL
documentation in 7.3?

---------------------------------------------------------------------------

valerian wrote:
> I just upgraded my server from 7.2.1 to 7.3 last night, and can no longer
> connect over SSL (unencrypted connections still work ok, but I really need
> SSL). I get the following error messages when I try to connect:
>
> psql (PostgreSQL client) 7.2.1
> psql: could not establish SSL connection: No SSL error reported
>
> serverlog:
> FATAL: failed to initialize SSL connection: wrong version number
>
> I have the same version of openssl on both the client and server
> machines. Both are running Debian 3.0, with these libs:
> - libssl-dev 0.9.6c-2.woody SSL development libraries, header files
> - libssl0.9.6 0.9.6c-2.woody SSL shared libraries
> - openssl 0.9.6c-2.woody Secure Socket Layer (SSL) binary and related
>
> My server configuration is like so (everything else is default):
>
> pg_hba.conf:
> # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
> local all all crypt
> hostssl all all 0.0.0.0 0.0.0.0 md5
>
> postgresql.conf:
> tcpip_socket = true
> ssl = true
>
> It was of course also configured for use with SSL:
> /configure --with-perl --with-openssl=/usr/include/openssl
> checking for SSL_library_init in -lssl... yes
> checking openssl/ssl.h usability... yes
> checking openssl/ssl.h presence... yes
> checking for openssl/ssl.h... yes
> checking openssl/err.h usability... yes
> checking openssl/err.h presence... yes
> checking for openssl/err.h... yes
>
> Now it sounds to me like this is an SSL handshake problem, but I don't
> see why, because I have exactly the same version of openssl on both the
> client and server machines. On my client machine, I still have v7.2.1
> of 'psql' (the client binary) as that's what came bundled with my
> operating system. I'm fairly certain that's not what's causing the
> problem though (or is it?)
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073