<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Nov 4, 2022 at 1:37 PM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp">ishii@sraoss.co.jp</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> Hi there,<br>
> I'm curious if there is any way to check if the frontend connection is<br>
> using TLS or not. Sofar I've found out that "ssl_key" is used in the log<br>
> message:<br>
<br>
I have no idea where "ssl_key" comes from. Can you share your setting<br>
of log_line_prefix in pgpool.conf, and what version of pgpool?<br></blockquote><div><br></div><div>Using pgpool bundled in the bitnami postgresql-ha chart - <a href="https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha">https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha</a>. Pgpool version is 4.3.2.</div><div><br></div><div>log_line_prefix variable is commented out in my config file thus assuming default is used:<br>I have no name!@tiger-db-pgpool-54cb799d45-6nwf2:/opt/bitnami/pgpool/conf$ cat pgpool.conf | grep -i log_line<br>#log_line_prefix = '%m: %a pid %p: ' # printf-style string to output at beginning of each log line.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
> 2022-11-04 11:21:25.954: ssl_key pid 159: LOG: new connection received<br>
> 2022-11-04 11:21:25.954: ssl_key pid 159: DETAIL: connecting host=[local]<br>
> 2022-11-04 11:21:35.123: ssl_key pid 150: LOG: new connection received<br>
> 2022-11-04 11:21:35.123: ssl_key pid 150: DETAIL: connecting host=[local]<br>
> 2022-11-04 11:21:45.151: ssl_key pid 156: LOG: new connection received<br>
> 2022-11-04 11:21:45.151: ssl_key pid 156: DETAIL: connecting host=[local]<br>
> 2022-11-04 11:21:57.399: psql pid 155: LOG: pool_ssl: "SSL_read": "no SSL<br>
> error reported"<br>
> 2022-11-04 11:22:45.257: ssl_key pid 154: LOG: new connection received<br>
> 2022-11-04 11:22:45.257: ssl_key pid 154: DETAIL: connecting host=[local]<br>
> <br>
> Is there a better way to check if the connection is secured by TLS or not?<br>
<br>
Unfortunately no except setting log_min_messages = debug1 in<br>
pgpool.conf but this will produce lots of other debug messages.<br></blockquote><div><br></div><div>Thanks, with debug1 I can see following:<br><table class="gmail-table gmail-table-chrome gmail-table-striped gmail-table-row-expanding events-results events-results-table gmail-hide-line-num" id="gmail-view10400-table" style="max-width:none;border-collapse:collapse;border-spacing:0px;width:auto;min-width:100%;margin-bottom:5px;border:none;table-layout:fixed;color:rgb(60,68,77);font-family:"Splunk Platform Sans","Proxima Nova",Roboto,Droid,"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><tbody class="gmail-shared-eventsviewer-list-body"><tr class="gmail-shared-eventsviewer-list-body-row" style="outline:0px"><td class="event" style="vertical-align:top;padding:6px 12px;line-height:20px;border:none">2022-11-04 14:37:17.558: psql pid 165: DETAIL: SSLRequest from client<br></td></tr><tr class="gmail-shared-eventsviewer-list-body-row" style="outline:0px"><td tabindex="0" class="expands" aria-expanded="false" style="vertical-align:top;padding:0px;line-height:20px;border-bottom:none;border-top:none;border-right:1px solid rgb(255,255,255);border-left:none"><a aria-label="Search Events Viewer Section" style="color:rgb(60,68,77);display:block;padding:6px 10px;width:15px;height:20px;text-align:center"><i class="gmail-icon-triangle-right-small" style="display:inline-block;line-height:inherit"></i></a></td></tr></tbody></table><br class="gmail-Apple-interchange-newline"> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Best reagards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS LLC<br>
English: <a href="http://www.sraoss.co.jp/index_en/" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en/</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
</blockquote></div></div>