Re: Fwd: Connection string parameter sslrootcert does not work

Hi Apurva,

Sorry for the late reply.

On 2017/01/19 4:29, Apurva Paralkar wrote:
>
> Hi,
>
> I'm trying to programmatically connect to an RDS Postgres instance
> with SSL enabled, using the psqlodbc driver (Version:
> postgresql94-odbc-09.03.0400-1PGDG.rhel6.x86_64.rpm). I’m having
> trouble with the sslrootcert parameter.
>
>
> To enable SSL for a Postgres connection, I appended the following
> parameters to the connection string:
>
> sslmode=verify-ca;sslrootcert=<location of root certificate on the client>
>
> The root certificate exists as a .pem file.
>
>
> In addition, I also enabled the debug and comm logs:
>
> debug=1;commlog=1
>
>
> The resulting logs showed the following error:
>
> …
>
> 00028427: 2017-01-17T21:16:57 [SERVER ]I: Going to connect
> to ODBC connection string: Driver={PostgreSQL
> Unicode(x64)};Server=<hostname>;Port=-<port>;Database=<database-name>;UseDeclareFetch=1;Fetch=10000;Uid=<username>;Pwd=****;sslmode=verify-ca;sslrootcert=<location
> of root.pem file on the client>;debug=1;commlog=1
>
> 00028427: 2017-01-17T21:16:57 [SERVER ]E: RetCode:
> SQL_ERROR SqlState: 08001 NativeError: 101 Message: [unixODBC]root
> certificate file "/home/<current-user>/.postgresql/root.crt" does not
> exist
>
> Either provide the file or change sslmode to disable server
> certificate verification. [122502] ODBC general error.
>
> 00028427: 2017-01-17T21:16:57 [SERVER ]E: Failed to connect
> [122506] Network error has occurred
>
> …
>
>
> Does this mean the driver cannot recognize the sslrootcert parameter
> being passed to it?

Yes.
Now I'm planning to introduce a new option which specifies libpq
connection parameters as a conninfo style string
like
pqopt={sslrootcert=... sslcert=...}
.

regards,
Hiroshi Inoue