| From: | "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PG84 and SSL on CentOS-5.5 was PG84 and SELinux |
| Date: | 2010-12-08 02:48:21 |
| Message-ID: | 61591.70.50.88.137.1291776501.squirrel@webmail.harte-lyne.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I have now tracked down and resolved the problem. There were clues
to the solution in the error message but I lacked sufficient
experience with ssl to realize it. The error was an uncommented
line in /etc/pki/tls/openssl.cnf that depended upon an environment
variable (ALTNAME) being set (subjectAltName=$ENV::ALTNAME). This
was line 270 in that file. Note the error message:
> Auto configuration failed
> 29006:error:0E065068:configuration file routines:STR_COPY:variable
> has no value:conf_def.c:629:line 207
Given what I know now I infer that conf_def is the variable that
holds the actual file name of whatever configuration file is passed
to openssl. The error message would have been far more informative
had it provided the variable value rather than the variable name.
And, I have no idea why PG84 choked on this and PG81 did not.
Anyway, our upgraded PG84 service is now running with ssl enabled.
Many thanks for the hints and suggestions. They did in fact
eventually point me in the right direction.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB(at)Harte-Lyne(dot)ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2010-12-08 02:58:56 | Re: Postgresql 9.1 pg_last_xact_replay_timestamp limitations |
| Previous Message | ray | 2010-12-08 02:45:35 | Service Doesn't Start |