Quick Links

stunnel with just postgresql client part

From:	zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com>
To:	pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject:	stunnel with just postgresql client part
Date:	2011-05-09 14:35:54
Message-ID:	BANLkTinJnpQKsTW=5rzN43GdFZywYtgEng@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

My postgresql client (ejabberd postgresql lib) does not seem to be
capable of ssl connection to postgresql server (with hostssl in
pg_hba)

So I tried to use run stunnel on the client box (ejabberd). It
appears not to work.

Here is stunnel log on the client end
------------------
2011.05.09 09:04:06 LOG7[7608:3086100176]: postgres accepted FD=7 from
127.0.0.1:41046
2011.05.09 09:04:06 LOG7[7608:3086097296]: postgres started
2011.05.09 09:04:06 LOG7[7608:3086097296]: FD 7 in non-blocking mode
2011.05.09 09:04:06 LOG7[7608:3086097296]: FD 8 in non-blocking mode
2011.05.09 09:04:06 LOG7[7608:3086097296]: FD 9 in non-blocking mode
2011.05.09 09:04:06 LOG7[7608:3086097296]: Connection from
127.0.0.1:41046 permitted by libwrap
2011.05.09 09:04:06 LOG5[7608:3086097296]: postgres connected from
127.0.0.1:41046
2011.05.09 09:04:06 LOG7[7608:3086097296]: FD 8 in non-blocking mode
2011.05.09 09:04:06 LOG7[7608:3086097296]: postgres connecting 10.10.10.10:5433
2011.05.09 09:04:06 LOG7[7608:3086097296]: connect_wait: waiting 10 seconds
2011.05.09 09:04:06 LOG7[7608:3086100176]: Cleaning up the signal pipe
2011.05.09 09:04:06 LOG6[7608:3086100176]: Child process 7614 finished
with code 0
2011.05.09 09:04:06 LOG7[7608:3086097296]: connect_wait: connected
2011.05.09 09:04:06 LOG7[7608:3086097296]: Remote FD=8 initialized
2011.05.09 09:04:06 LOG7[7608:3086097296]: SSL state (connect):
before/connect initialization
2011.05.09 09:04:06 LOG7[7608:3086097296]: SSL state (connect): SSLv3
write client hello A
2011.05.09 09:04:06 LOG3[7608:3086097296]: SSL_connect: Peer suddenly
disconnected
2011.05.09 09:04:06 LOG5[7608:3086097296]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2011.05.09 09:04:06 LOG7[7608:3086097296]: postgres finished (0 left)
----------------------

If required I can post postgresql server log.

It seems to be shame that I have to run stunnel on the pg box as well.

My question is that client only stunnel to pg server requiring ssl
connection is not expected to work? Or am I doing something wrong?

Thanks

mr.wu

Responses

Re: stunnel with just postgresql client part at 2011-05-09 18:01:23 from Merlin Moncure

Browse pgsql-general by date

	From	Date	Subject
Next Message	F T	2011-05-09 14:39:52	simple update query too long
Previous Message	Leonardo Francalanci	2011-05-09 14:32:38	Re: FILLFACTOR and increasing index