| From: | Apurva Paralkar <apurva12mar(at)gmail(dot)com> |
|---|---|
| To: | pgsql-odbc(at)postgresql(dot)org |
| Subject: | Fwd: Connection string parameter sslrootcert does not work |
| Date: | 2017-01-18 19:29:02 |
| Message-ID: | CAEnV6tZMEbmWuALUTBmjNk-q4Av7JHN0x7y9zO8_JdW4rSrPkA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-odbc |
Hi,
I'm trying to programmatically connect to an RDS Postgres instance with SSL
enabled, using the psqlodbc driver (Version:
postgresql94-odbc-09.03.0400-1PGDG.rhel6.x86_64.rpm).
I’m having trouble with the sslrootcert parameter.
To enable SSL for a Postgres connection, I appended the following
parameters to the connection string:
sslmode=verify-ca;sslrootcert=<location of root certificate on the client>
The root certificate exists as a .pem file.
In addition, I also enabled the debug and comm logs:
debug=1;commlog=1
The resulting logs showed the following error:
…
00028427: 2017-01-17T21:16:57 [SERVER ]I: Going to connect to
ODBC connection string: Driver={PostgreSQL Unicode(x64)};Server=<
hostname>;Port=-<port>;Database=<database-name>;
UseDeclareFetch=1;Fetch=10000;Uid=<username>;Pwd=****;
sslmode=verify-ca;sslrootcert=<location of root.pem file on the
client>;debug=1;commlog=1
00028427: 2017-01-17T21:16:57 [SERVER ]E: RetCode: SQL_ERROR
SqlState: 08001 NativeError: 101 Message: [unixODBC]root certificate file
"/home/<current-user>/.postgresql/root.crt" does not exist
Either provide the file or change sslmode to disable server certificate
verification. [122502] ODBC general error.
00028427: 2017-01-17T21:16:57 [SERVER ]E: Failed to connect
[122506] Network error has occurred
…
Does this mean the driver cannot recognize the sslrootcert parameter being
passed to it? Why does it still refer to the default location of the root
certificate? I even tried putting the root certificate in the default
location, but it still failed with the same error above.
I was looking up this issue and found a similar thread that was open 3
years ago: https://www.postgresql.org/message-id/5462D5AA.2040602%
40tpf.co.jp. The contributor there had mentioned that there was no option
to specify path name. Is that still the case?
I found another thread which talked about adding support for the sslxxxxxx
parameters:
https://www.postgresql.org/message-id/CAB7nPqSF%2BVLH5TB0rDPF2UaMhjoBCJSJNCeL9NYh6WqEuPUL7w%40mail.gmail.com
Is there an update on this?
Thanks,
Apurva
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2017-01-18 20:01:52 | Re: Fwd: Connection string parameter sslrootcert does not work |
| Previous Message | Paralkar, Apurva | 2017-01-18 19:12:54 | Connection string parameter sslrootcert does not work |