| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Fuhr <mike(at)fuhr(dot)org> |
| Cc: | vishal saberwal <vishalsaberwal(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PQConnectdb SSL (sslmode): Is this a bug |
| Date: | 2005-08-26 20:25:22 |
| Message-ID: | 22484.1125087922@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Michael Fuhr <mike(at)fuhr(dot)org> writes:
> Is it possible that your program is linked against an old version
> of libpq? I can reproduce the above error with an otherwise working
> 8.0.3 setup if I link the program against a 7.4.8 libpq.
The CVS logs show quite a bit of work done on SSL support between 7.4
and 8.0, for instance:
2004-11-19 19:18 tgl
* src/: backend/libpq/be-secure.c, interfaces/libpq/fe-secure.c:
Improve error reporting for SSL connection failures. Remove
redundant free operations in client_cert_cb --- openssl will also
attempt to free these structures, resulting in core dumps.
2004-09-26 18:51 tgl
* doc/src/sgml/libpq.sgml, doc/src/sgml/runtime.sgml,
src/backend/libpq/be-secure.c, src/interfaces/libpq/fe-secure.c:
Fix multiple breakages in our support for SSL certificates.
My suspicion is that you need to be using 8.0 if you want any degree of
robustness in using SSL for certificate checking (as opposed to being
just an encrypted communications channel).
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-08-26 20:41:47 | Re: Postgresql Function Cookbook/General howto |
| Previous Message | Emi Lu | 2005-08-26 20:17:36 | About "ERROR: must be *superuser* to COPY to or from a file" |