Re: [ADMIN] Connecting via SSL not working (except from psql)

From: Barry Lind <barry(at)xythos(dot)com>
To: Paul Legato <plegato(at)nks(dot)net>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: [ADMIN] Connecting via SSL not working (except from psql)
Date: 2002-08-08 17:08:26
Message-ID: 3D52A58A.2000401@xythos.com
Lists: pgsql-admin pgsql-jdbc

We are certainly interested in any patches once you are done. I don't
know about anyone else that is working on this currently.

thanks,
--Barry

Paul Legato wrote:

> Hi Magnus,
>
> Thanks for the help. I'll take a look at fe-connect.c and see if I can
> get my JDBC driver working.
>
> Is anyone within the Postgres project currently adding SSL support to
> JDBC? Anyone interested in the patches once I get everything working?
>
> -Paul
>
>
> Magnus Hagander wrote:
>
>> Hi!
>>
>> SSL is not enabled at connection time in pgsql - it is negotiated with
>> the postmaster, and enabled later. You need to send a correctly
>> formatted start message in clear text to the postmaster to initiate the
>> SSL negotiation first, and turn on SSL after that (assuming the
>> postmaster reports that SSL is Ok).
>> This is done so the postmaster can listen for both SSL and non-SSL
>> connections on the same port.
>>
>> Take a look at how libpq does it. In 7.1.3, it starts at line 963 in
>> interfaces/libpq/fe-connect.c. (Sorry, don't have the source to a
>> newer version around right now - look
>> for comment on 'Attempt to negotiate SSL usage').
>>
>> //Magnus
>>
>>
>>> -----Original Message-----
>>> From: Paul Legato [mailto:plegato(at)nks(dot)net] Sent: Tuesday, August 06,
>>> 2002 5:47 PM
>>> To: pgsql-admin(at)postgresql(dot)org
>>> Cc: pgsql-jdbc(at)postgresql(dot)org
>>> Subject: [ADMIN] Connecting via SSL not working (except from psql)
>>>
>>>
>>> Hi,
>>>
>>> I'm trying to connect to SSL-enabled Postgres (started with -i -l)
>>> using both the openssl command line utility and with a modified JDBC
>>> driver using the built in JSSE API from Java 1.4.
>>>
>>> If I attempt to connect from a shell with the openssl test utility,
>>> I get:
>>>
>>> $ openssl s_client -connect localhost:5432
>>> CONNECTED(00000003)
>>> 25870:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>>> protocol:s23_clnt.c:460:
>>>
>>> With the JDBC driver, at connection I get:
>>>
>>> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
>>> connection?
>>>
>>> In both cases, the server logs the message "FATAL 1: invalid length
>>> of startup packet".
>>>
>>> A connection to the server with psql works fine, and prints "SSL
>>> connection (cipher: DES-CBC3-SHA, bits: 168)" at startup. I've tried
>>> manually specifying this cipher to openssl, which does not change
>>> the result.
>>>
>>> I'm stuck. Any suggestions or pointers will be greatly appreciated. :)
>>>
>>> Thanks,
>>> -Paul
>>>
>>>
>>
>
>
>
>
>
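
Added example, not part of the thread and not libpq or JDBC driver code: the clear-text negotiation Magnus describes, using the SSLRequest message as given in the current PostgreSQL protocol documentation (an assumption for the 7.x servers discussed here, which may frame the request differently). `fake_postmaster`, `run_exchange` and `TLS_RECORD_HEADER` are constructed for the demonstration so it runs offline.

```python
import socket
import struct
import threading

# SSLRequest per the PostgreSQL protocol docs: Int32 length (8, counting
# itself), then Int32 request code 80877103 == (1234 << 16) | 5679.
SSL_REQUEST_CODE = (1234 << 16) | 5679

def build_ssl_request() -> bytes:
    return struct.pack("!II", 8, SSL_REQUEST_CODE)

def apparent_length(first_bytes: bytes) -> int:
    """Length field a server reads if these are the first bytes on the wire."""
    return struct.unpack("!I", first_bytes[:4])[0]

def negotiate_ssl(sock: socket.socket) -> bool:
    """Send SSLRequest in clear text; True means the TLS handshake may start."""
    sock.sendall(build_ssl_request())
    answer = sock.recv(1)  # read exactly one byte, nothing more, before TLS
    if answer == b"S":
        return True   # caller now wraps sock, e.g. ssl.SSLContext.wrap_socket()
    if answer == b"N":
        return False  # server declined; fail closed when encryption is required
    raise ConnectionError(f"unexpected reply to SSLRequest: {answer!r}")

def fake_postmaster(sock: socket.socket, reply: bytes) -> None:
    """Constructed stand-in for the server side so the example runs offline."""
    data = b""
    while len(data) < 8:
        chunk = sock.recv(8 - len(data))
        if not chunk:
            return
        data += chunk
    ok = struct.unpack("!II", data) == (8, SSL_REQUEST_CODE)
    sock.sendall(reply if ok else b"E")

def run_exchange(reply: bytes) -> bool:
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_postmaster, args=(server, reply))
    worker.start()
    try:
        return negotiate_ssl(client)
    finally:
        worker.join()
        client.close()
        server.close()

# Constructed sample: header of a TLS handshake record sent with no SSLRequest.
TLS_RECORD_HEADER = bytes.fromhex("16030100c8")
```

`apparent_length(TLS_RECORD_HEADER)` shows what happens when a client opens with TLS directly: the first four bytes parse as a length of several hundred megabytes, which is consistent with the "invalid length of startup packet" line in the server log. A client that requires encryption should treat a `False` return as a connection failure rather than continuing in clear text.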
