[pgpool-general: 2805] Re: PgPool SSL problems: library refuses to load, even though enabled

Rick Morris rmorris at kss-inc.com
Mon May 5 13:33:22 JST 2014 

That is good news.

Thanks, Tatsuo.


On Sun, May 4, 2014 at 7:11 AM, Tatsuo Ishii <ishii at postgresql.org> wrote:

> Rick,
>
> > On more inspection, it appears that even though the pgpool RPM was linked
> > to the SSL library when compiled, the --with-openssl directive was not
> > enabled. I compiled pgpool from source with the openssl directive, and
> now
> > have no problem with SSL connections.
> >
> > In the future, I hope the PgPool team will consider releasing an
> > SSL-enabled RPM for download, as it makes widespread deployment of PgPool
> > much easier in an enterprise.
>
> Sorry for the inconvenience. I have uploaded SSL-enabled RPM.
>
> http://www.pgpool.net/mediawiki/index.php/Downloads
>
> pgpool-II-pg93-3.3.3-2.pgdg.x86_64.rpm
> pgpool-II-pg93-devel-3.3.3-2.pgdg.x86_64.rpm
> pgpool-II-pg93-3.3.3-2.pgdg.src.rpm
>
> Please try.
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese: http://www.sraoss.co.jp
>
> > Best regards,
> >
> > Rick Morris
> >
> >
> > On Thu, May 1, 2014 at 4:12 PM, Rick Morris <rmorris at kss-inc.com> wrote:
> >
> >> Hi All,
> >>
> >> I can't get PgPool to support SSL connections, even though I follow the
> >> documented steps perfectly.
> >>
> >> Scenario: 2 PostgreSQL servers with streaming replication (primary ->
> >> standby), PgPool in load-balancing mode. Everything works fine with
> non-SSL
> >> connections.
> >>
> >> 1. In the case of requiring SSL connections from the Postgres servers,
> >> connection attempts just fail with "pool_do_auth: maybe protocol version
> >> mismatch (current version 3)" while on the server side I see
> >>
> >> "FATAL:  no pg_hba.conf entry for host "192.168.10.10", user "postgres",
> >> database "template1", SSL off"
> >> (connection set to hostssl in pg_hba.conf).
> >>
> >>
> >> 2. In the case of enabling local SSL connections to PgPool, I configure
> >> pgpool.conf with
> >>
> >> ssl = true
> >> ssl_key = '/etc/pgpool-II/server.key'
> >> ssl_cert = '/etc/pgpool-II/server.crt'
> >> (with self-signed cert, same as in the Postgres servers)
> >>
> >> And when I connect locally to PgPool, the log shows
> >>
> >> "pool_ssl: SSL requested but SSL support is not available"
> >>
> >> And when I turn on debugging (set to 1 or 2 in pgpool.conf) I do not see
> >> SSL mentioned in the reported config keys during startup.
> >>
> >>
> >> System: Centos 6.5,
> >>
> >> Installed binaries:
> >> pgpool-II-pg93-3.3.3-1.pgdg.x86_64
> >> postgresql93.x86_64   9.3.4-1PGDG.rhel6 @pgdg93
> >>
> >> postgresql93-contrib.x86_64
> >> postgresql93-libs.x86_64
> >>
> >> Library check:
> >> [root at server ~]# ldd /usr/bin/pgpool
> >> linux-vdso.so.1 =>(0x00007fff32f1c000)
> >> libpq.so.5 => /usr/pgsql-9.3/lib/libpq.so.5 (0x00007f2e121f0000)
> >> libpcp.so.0 => /usr/lib64/libpcp.so.0 (0x0000003663c00000)
> >> libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003662800000)
> >> libpam.so.0 => /lib64/libpam.so.0 (0x0000003667400000)
> >> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003664800000)
> >> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003664000000)
> >> libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003665400000)
> >> libm.so.6 => /lib64/libm.so.6 (0x0000003663000000)
> >> libc.so.6 => /lib64/libc.so.6 (0x0000003662400000)
> >> libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003669400000)
> >> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x0000003668400000)
> >> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003668000000)
> >> libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x0000003665000000)
> >> /lib64/ld-linux-x86-64.so.2 (0x0000003661c00000)
> >> libaudit.so.1 => /lib64/libaudit.so.1 (0x0000003666400000)
> >> libdl.so.2 => /lib64/libdl.so.2 (0x0000003662000000)
> >> libfreebl3.so => /lib64/libfreebl3.so (0x0000003664c00000)
> >> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x0000003668c00000)
> >> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003664400000)
> >> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003669000000)
> >> libz.so.1 => /lib64/libz.so.1 (0x0000003663400000)
> >> libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003668800000)
> >> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003667c00000)
> >> liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000003669c00000)
> >> libssl3.so => /usr/lib64/libssl3.so (0x0000003667000000)
> >> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003667800000)
> >> libnss3.so => /usr/lib64/libnss3.so (0x0000003665c00000)
> >> libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003665800000)
> >> libplds4.so => /lib64/libplds4.so (0x0000003666000000)
> >> libplc4.so => /lib64/libplc4.so (0x0000003666800000)
> >> libnspr4.so => /lib64/libnspr4.so (0x0000003666c00000)
> >> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003669800000)
> >> libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003663800000)
> >> librt.so.1 => /lib64/librt.so.1 (0x0000003662c00000)
> >>
> >> PgPool master process
> >> /usr/bin/pgpool -f /etc/pgpool-II/pgpool.conf -n
> >>
> >> I am at a loss. Is there anything else I can look for to figure out why
> >> SSL is not loading?
> >>
> >> Thanks
> >>
> >> Rick Morris
> >>
> >
> > --
> >
> >
> >
> > Confidentiality Statement
> > This email and any files transmitted with it are confidential and
> intended
> > solely for the use of the individual or entity to whom they are
> addressed.
> > If you have received this email in error please notify the system
> manager.
> > This message contains confidential information and is intended only for
> the
> > individual named. If you are not the named addressee you should not
> > disseminate, distribute or copy this e-mail. Please notify the sender
> > immediately by e-mail if you have received this e-mail by mistake and
> > delete this e-mail from your system. If you are not the intended
> recipient
> > you are notified that disclosing, copying, distributing or taking any
> > action in reliance on the contents of this information is strictly
> > prohibited.
> > KnowledgeSource, 580 Harrison Ave, Boston MA 02118
> >
>

-- 



Confidentiality Statement
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and 
delete this e-mail from your system. If you are not the intended recipient 
you are notified that disclosing, copying, distributing or taking any 
action in reliance on the contents of this information is strictly 
prohibited.
KnowledgeSource, 580 Harrison Ave, Boston MA 02118

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20140505/d65171f7/attachment.html>

More information about the pgpool-general mailing list