Quick Links

Re: stunnel with just postgresql client part

From:	zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com>
To:	pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject:	Re: stunnel with just postgresql client part
Date:	2011-05-09 20:24:04
Message-ID:	BANLkTimxp_fVjfdqe1aYW1N7X_YcFQJ6Lw@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

On Mon, May 9, 2011 at 2:01 PM, Merlin Moncure <mmoncure(at)gmail(dot)com> wrote:
.
.
.
>> It seems to be shame that I have to run stunnel on the pg box as well.
>>
>> My question is that client only stunnel to pg server requiring ssl
>> connection is not expected to work? Or am I doing something wrong?
>
> what version stunnel? did you set the protocol in stunnel.conf?
>

stunnel-4.15-2.el5.1

I was not setting protocol. But since I got your message, I tried
'protocol = pgsql' in stunnel.conf

Still no go..

In stunnel log, there is now new part about 'protocol pgsql not
supported in client mode'

----------------
2011.05.09 16:20:48 LOG7[8758:3086231248]: postgres accepted FD=7 from
127.0.0.1:50693
2011.05.09 16:20:48 LOG7[8758:3086228368]: postgres started
2011.05.09 16:20:48 LOG7[8758:3086228368]: FD 7 in non-blocking mode
2011.05.09 16:20:48 LOG7[8758:3086228368]: FD 8 in non-blocking mode
2011.05.09 16:20:48 LOG7[8758:3086228368]: FD 9 in non-blocking mode
2011.05.09 16:20:48 LOG7[8758:3086231248]: Cleaning up the signal pipe
2011.05.09 16:20:48 LOG6[8758:3086231248]: Child process 8761 finished
with code 0
2011.05.09 16:20:48 LOG7[8758:3086228368]: Connection from
127.0.0.1:50693 permitted by libwrap
2011.05.09 16:20:48 LOG5[8758:3086228368]: postgres connected from
127.0.0.1:50693
2011.05.09 16:20:48 LOG7[8758:3086228368]: FD 8 in non-blocking mode
2011.05.09 16:20:48 LOG7[8758:3086228368]: postgres connecting 10.10.10.10:5433
2011.05.09 16:20:48 LOG7[8758:3086228368]: connect_wait: waiting 10 seconds
2011.05.09 16:20:48 LOG7[8758:3086228368]: connect_wait: connected
2011.05.09 16:20:48 LOG7[8758:3086228368]: Remote FD=8 initialized
2011.05.09 16:20:48 LOG5[8758:3086228368]: Negotiations for pgsql
(client side) started
2011.05.09 16:20:48 LOG3[8758:3086228368]: Protocol pgsql not
supported in client mode
2011.05.09 16:20:48 LOG5[8758:3086228368]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2011.05.09 16:20:48 LOG7[8758:3086228368]: postgres finished (0 left)

---
postgres server log
LOG: could not receive data from client: Connection reset by peer
LOG: incomplete startup packet
-----

output from psql

psql: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
----

In response to

Re: stunnel with just postgresql client part at 2011-05-09 18:01:23 from Merlin Moncure

Responses

Re: stunnel with just postgresql client part at 2011-05-09 20:37:15 from Merlin Moncure

Browse pgsql-general by date

	From	Date	Subject
Next Message	Merlin Moncure	2011-05-09 20:37:15	Re: stunnel with just postgresql client part
Previous Message	Merlin Moncure	2011-05-09 20:15:33	Re: simple update query too long