Re: configuring openssl for postgres 9.2 for the first time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Jan 30, 2014, at 2:00 PM, Mark Steben <mark.steben@xxxxxxxxxxxxxxxxx> wrote:

Hello,

We are looking to provide openssl methodology into our testing environment.  I've run into this issue
when attempting to access from a client to a remote postgres server after SSL configuration:

from client 10.10.4.34:
psql -U postgres marktst -h 10.10.4.52
psql: FATAL:  no pg_hba.conf entry for host "10.10.4.34", user "postgres", database "marktst", SSL off



You might back off from ssl, client authentication just to see what happens with:

hostssl  all                all          0.0.0.0/0             md5 clientcert=1

this will provide the client auth of the server and require a password auth for the client.  Hopefully that works first.  I've seen your msg and had some effect with the following env variable, but it's probably a long shot: 

"PGSSLMODE behaves the same as the sslmode"
PGSSLMODE=verify-full will cause the client to verify that the CN on the server certificate matches the hostname of the server.  disable will only try a non-SSL connection which will not be compatible with the pg_hba config.

It is a bit of a fishing expedition.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux