| From: | zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com> |
|---|---|
| To: | Merlin Moncure <mmoncure(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: stunnel with just postgresql client part |
| Date: | 2011-05-09 23:17:31 |
| Message-ID: | BANLkTik_7W9_yUG5NqehskW9w6eSgUQf=w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, May 9, 2011 at 6:42 PM, Merlin Moncure <mmoncure(at)gmail(dot)com> wrote:
>> Thanks. Yes, when I installed the latest stunnel-4.36 it works.
>>
>> One strange thing I notice. When I do ssl connect with psql I am
>> supposed to get a message like
>>
>> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
>>
>> With client side stunnel and (nonssl capable) psql I am not getting
>> this message. But still the connection seems to be ssl..
>
> it is? try setting up your connection string to require ssl.
>
I assume it is because in pg_hba.conf "hostssl" is specified for this
client ip/user/database. Plus I check ps output on the server during
the connection and postgres server reports that connection is from the
ip address specified in pg_hba.conf
Here is what I tried
---------------
PGSSLMODE=require bin/psql -h 127.0.0.1 -U xmpp xmpp
psql: server does not support SSL, but SSL was required
--------------
Just so I don't get confused between multiple lines in pg_hba.conf I
also deleted all other lines in it and retested. Assuming postgres
server is correctly applying the restrictions in pg_hba.conf, and
assuming the out put of "ps" is reliable then I am doing an ssl
connection but somehow psql does not think so and does not work unless
I drop PGSSLMODE=require
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Iain Barnett | 2011-05-10 00:10:23 | pg_upgrade only to 9.0 ? |
| Previous Message | Merlin Moncure | 2011-05-09 22:42:49 | Re: stunnel with just postgresql client part |