|
Hi, I did some more tests to try to narrow it down. For me it only added to the confusion but maybe it tells you something.
Test 1: I changed my pg_hba.conf from hostssl to host. Now I can connect but SSL is not used even if i use require.
pgsql-13: $ /usr/pgsql-13/bin/psql -d postgres -Ukalle -hserver
Password for user kalle:
psql (13.1)
Type "help" for help.
postgres=>
pgsql-13 with require:
$ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server sslmode=require"
Password for user kalle:
psql (13.1)
Type "help" for help.
postgres=>
pgsql-11 for reference:
$ /usr/pgsql-11/bin/psql -d postgres -Ukalle -hserver
Password for user kalle:
psql (11.10, server 13.1)
WARNING: psql major version 11, server major version 13.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
Test2: It works when i connect pgsql-13 client to a postgresql-11 server. So it´s only the combination pgsql-13 client and postgresql-13 server that does not work.
$ /usr/pgsql-13/bin/psql -d postgres -Ukalle -hserver11
Password for user kalle:
psql (13.1, server 11.10)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
Från: externaly-forwarded@xxxxxxx <externaly-forwarded@xxxxxxx> för Gustavsson Mikael <mikael.gustavsson@xxxxxxx>
Skickat: den 17 december 2020 17:33:13 Till: Tom Lane Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter Ämne: SV: SV: SV: Problem with ssl and psql in Postgresql 13 Here is the result.
ldd /usr/pgsql-13/bin/psql
linux-vdso.so.1 (0x00007ffd714d5000)
libpq.so.5 => /usr/pgsql-13/lib/libpq.so.5 (0x00007f2d1700a000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2d16dea000)
libreadline.so.7 => /lib64/libreadline.so.7 (0x00007f2d16b9b000)
libm.so.6 => /lib64/libm.so.6 (0x00007f2d16819000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2d16456000)
libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f2d161c2000)
libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f2d15cdc000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f2d15a87000)
libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007f2d15830000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2d1725b000)
libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007f2d15603000)
libz.so.1 => /lib64/libz.so.1 (0x00007f2d153ec000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f2d151e8000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f2d14eff000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f2d14ce8000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f2d14ae4000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f2d148d3000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f2d146cf000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f2d144b8000)
liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f2d142a8000)
libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f2d1408a000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2d13e60000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f2d13c37000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f2d139b3000)
ldd /usr/pgsql-13/lib/libpq.so.5
linux-vdso.so.1 (0x00007fff51f79000)
libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f88432d1000)
libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f8842deb000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f8842b96000)
libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007f884293f000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f884271f000)
libc.so.6 => /lib64/libc.so.6 (0x00007f884235c000)
libz.so.1 => /lib64/libz.so.1 (0x00007f8842145000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f8841f41000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f8841c58000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f8841a41000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f884183d000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f884162c000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f8841428000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f8841211000)
liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f8841001000)
libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f8840de3000)
/lib64/ld-linux-x86-64.so.2 (0x00007f88437b6000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f8840bb9000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f8840990000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f884070c000)
/Mikael Från: Tom Lane <tgl@xxxxxxxxxxxxx>
Skickat: den 17 december 2020 17:25:31 Till: Gustavsson Mikael Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter Ämne: Re: SV: SV: Problem with ssl and psql in Postgresql 13 Gustavsson Mikael <mikael.gustavsson@xxxxxxx> writes:
> $ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server sslmode=require" > psql: error: FATAL: no pg_hba.conf entry for host "nn.nnn.n.nnn", user "kalle", database "postgres", SSL off > FATAL: no pg_hba.conf entry for host "nn.nnn.n.nnn", user "kalle", database "postgres", SSL off It'd be useful to verify that that version of psql+libpq is actually built with ssl support. Try ldd /usr/pgsql-13/bin/psql and then repeat "ldd" on whichever libpq.so is mentioned in the output. regards, tom lane |
