[Pgpool-general] SSL communication between clients and pgpool-II

Tatsuo Ishii ishii at sraoss.co.jp
Mon Mar 14 23:05:21 UTC 2011 

> Please accept my apologies : my server.cert file was not the good one
> (not generated with the server.key file... damn it! :) )
> May be it would be nice if some debug could be printed in the log?

Thank you for suggetion. Do you have any suggestion for patching
pool_ssl.c? I am not famililar with the file and any suggestions will
greatly help us.

> Once again, thank you for PgPool-II!

You are welcome:-)
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> /Erwan
> 
> 
> On 03/11/2011 06:46 PM, Erwan wrote:
>> Hi there,
>>
>> I'm a total beginner with pgpool-II which I would like to use as a
>> full load balancer for my read queries.
>> Everything works great and now I try to have a full SSL communication
>> between my client and pgpool-II.
>>
>> To do this I recompile it with the following configure command:
>> ./configure --prefix=/usr/local/pgpool-II-3.0.3_with_ssl
>> --with-openssl
>> make
>> make install
>>
>> Then I change my pgpool.conf:
>> ...
>> ssl = true
>> ssl_key = '/usr/local/pgpool-II-3.0.3_with_ssl/etc/server.key'
>> ssl_cert = '/usr/local/pgpool-II-3.0.3_with_ssl/etc/server.cert'
>> ...
>>
>>
>> I launch pgpool-II with this command:
>> /usr/local/pgpool-II-3.0.3_with_ssl/bin/pgpool -f
>> /usr/local/pgpool-II-3.0.3_with_ssl/etc/pgpool.conf -F
>> /usr/local/pgpool-II-3.0.3_with_ssl/etc/pcp.conf -c >>
>> /tmp/pgpool-II.log 2>&1 &
>>
>>
>> Thanks to wireshark, I can read the network stream between my client
>> and pgpool-II... and I can see that my password is transferred in
>> clear text with my new SSL configuration.
>> I got nothing special in my log (about misconfiguration or something
>> else...) so I'm a little lost.
>>
>> I presume I did something wrong or maybe forgot something or most
>> probably I didn't understand something.
>> Any clue about secured communication between client and pgpool-II will
>> be greatly appreciated.
>> And per advance forgive my question if it's a stupid one :)
>>
>> Thanks
>> /Erwan
>> _______________________________________________
>> Pgpool-general mailing list
>> Pgpool-general at pgfoundry.org
>> http://pgfoundry.org/mailman/listinfo/pgpool-general
> _______________________________________________
> Pgpool-general mailing list
> Pgpool-general at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-general

More information about the Pgpool-general mailing list