Re: stunnel with just postgresql client part

From: zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com>
To: Merlin Moncure <mmoncure(at)gmail(dot)com>
Cc: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: stunnel with just postgresql client part
Date: 2011-05-09 23:17:31
Message-ID: BANLkTik_7W9_yUG5NqehskW9w6eSgUQf=w@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Mon, May 9, 2011 at 6:42 PM, Merlin Moncure <mmoncure(at)gmail(dot)com> wrote:
>> Thanks.  Yes, when I installed the latest stunnel-4.36 it works.
>>
>> One strange thing I notice.  When I do ssl connect with psql I am
>> supposed to get a message like
>>
>> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
>>
>> With client side stunnel and (nonssl capable) psql I am not getting
>> this message.  But still the connection seems to be ssl..
>
> it is? try setting up your connection string to require ssl.
>

I assume it is because in pg_hba.conf "hostssl" is specified for this
client ip/user/database. Plus I check ps output on the server during
the connection and postgres server reports that connection is from the
ip address specified in pg_hba.conf

Here is what I tried
---------------
PGSSLMODE=require bin/psql -h 127.0.0.1 -U xmpp xmpp
psql: server does not support SSL, but SSL was required
--------------

Just so I don't get confused between multiple lines in pg_hba.conf I
also deleted all other lines in it and retested. Assuming postgres
server is correctly applying the restrictions in pg_hba.conf, and
assuming the out put of "ps" is reliable then I am doing an ssl
connection but somehow psql does not think so and does not work unless
I drop PGSSLMODE=require

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Iain Barnett 2011-05-10 00:10:23 pg_upgrade only to 9.0 ?
Previous Message Merlin Moncure 2011-05-09 22:42:49 Re: stunnel with just postgresql client part