vishal saberwal wrote: > hi, > tom and many others helped me with someting similar to this. > > Check for the following: > (a) in /usr/lib check what libpq you have installed. It should be > libpq3.2 or higher. If it is not, you can copy from your compiled source > and then create the symbolic links there. > (b) Try using etheral and see what is going through and what is > happening. It really helps. > (c) You need to have keys on each (client and server side). What > certificates are you using (self signed or commercial). I did mine with > self-signed and it worked. My certificates go in /var/lib/pgsql > (d) Have your pg_hba.conf set up for openssl. > (e) Have the connection string give sslmode=allow > (f) when you use psql, use /usr/local/pgsql/bin/psql instead of directly > writing psql (that searches in /usr/bin in my machine and it isnt the > right version) ... Thanks for these insightful clues. I've already adopted a workaround suggested by Tom... but is always good to know. > [root@localhost DBApi]# ls -l /usr/lib/libpq* > -rw-r--r-- 1 postgres root 1480452 Mar 10 2004 /usr/lib/libpq.a > lrwxrwxrwx 1 postgres root 21 Aug 29 15:00 /usr/lib/libpq.so -> > /usr/lib/libpq.so.3.2 > lrwxrwxrwx 1 postgres root 21 Aug 29 14:59 /usr/lib/libpq.so.3 -> > /usr/lib/libpq.so.3.2 > -rwxr-xr-x 1 postgres root 113988 Mar 10 2004 /usr/lib/libpq.so.3.1 > -rwxr-xr-x 1 postgres root 122177 Aug 26 12:55 /usr/lib/libpq.so.3.2 > > "allow" attempts a non-SSL connection first, whereas > "prefer" attempts an SSL connection first. If the server permits > non-SSL connections then "allow" will get you connected as non-SSL > without ever attempting SSL. > > thanks, > vish ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
