Search Postgresql Archives

SV: SV: SV: SV: Problem with ssl and psql in Postgresql 13

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,


I did a final test before logging out for Christmas because i found a thread in hackers discussing some issue with GSS and SSL.

So if i set gssencmode=disable on my pgsql-13 to postgres 13 server connection i get an SSL connection.


Is this expected behaviour?


$ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server gssencmode=disable"
Password for user kalle: 
psql (13.1)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

postgres=>

KR, Mikael Gustavsson, SMHI



Från: externaly-forwarded@xxxxxxx <externaly-forwarded@xxxxxxx> för Gustavsson Mikael <mikael.gustavsson@xxxxxxx>
Skickat: den 22 december 2020 09:07:17
Till: Tom Lane
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: SV: SV: SV: SV: Problem with ssl and psql in Postgresql 13
 

Hi, 


Yes it´s odd. I think we begin with download/reinstall and take it from there.

The server name is just letters and numbers so I think we can rule that out. 


Christmas is coming up fast as usual so I think I will pick this up in January.

Thanks for all the help and Happy Christmas! Or God Jul as we say in Sweden.


KR 

Mikael Gustavsson, SMHI


Från: Tom Lane <tgl@xxxxxxxxxxxxx>
Skickat: den 18 december 2020 21:02:50
Till: Gustavsson Mikael
Kopia: Magnus Hagander; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter
Ämne: Re: SV: SV: SV: Problem with ssl and psql in Postgresql 13
 
Gustavsson Mikael <mikael.gustavsson@xxxxxxx> writes:
> pgsql-13 with require:
> $ /usr/pgsql-13/bin/psql "dbname=postgres user=kalle host=server sslmode=require"
> Password for user kalle:
> psql (13.1)
> Type "help" for help.

That is just bizarre.  libpq should not ignore the sslmode=require option
like that, unless it thinks it's making a Unix-socket connection, which
it should not think given the host specification.  (There's not a slash
in your server's real name, is there?  But if there was, v11 should
misbehave too.)

It seems like there must be some environment setting, or maybe a service
file, changing the behavior from what it should be on its face.  But
that theory has big flaws too: an explicit sslmode=require setting should
not be overridable from environment, and even if it was, why wouldn't v11
act the same?

The only other conclusion I can think of is that your copy of libpq.so
is broken.  Maybe you should try redownloading/reinstalling v13.

                        regards, tom lane



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux