[Pgpool-hackers] [PATCH 1/3] Fix documentation typo in sample config files
Tatsuo Ishii
ishii at sraoss.co.jp
Mon Feb 1 00:25:26 UTC 2010
> Could it be server.crt vs server.cert (i see both in what you pasted
> below). Perhaps not but couldn't help but ask :)
What an ideot I am! You are correct. Now I see:
SSL connection (cipher: AES256-SHA, bits: 256)
when I connect to pgpool using psql. Thanks!
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
> I think generally speaking the error reporting could use improvement;
> there's some strerror type functions in openssl that ill try to make
> use of in a subsequent patch.
>
> I'll look into this a bit more (along with your previous mail)
> tomorrow or tuesday.
>
> sean
>
> --
> This mail was sent from a mobile device
>
> 31 jan 2010 kl. 14.19 skrev Tatsuo Ishii <ishii at sraoss.co.jp>:
>
> > Sean,
> >
> >>> I haven't touched any of the pg_hba.conf code yet, so I'm guessing
> >>> that
> >>> we'll need to add a bit more to support the hostssl/hostnossl config
> >>> options (and in the meantime the previous behavior is probably
> >>> still there,
> >>> whatever it may be).
> >>
> >> Ok. I don't think hostssl/hostnossl support is mandatory anyway.
> >>
> >> Another questions.
> >>
> >> If SSL support is disabled in PostgreSQL and SSL support is enabled
> >> on
> >> frontend and pgool, what will happen? My guess is, communication
> >> between frontend and pgpool is SSL ciphered, but between pgpool and
> >> PostgreSQL is not.
> >>
> >> What will happen if one of PostgreSQL supports SSL but others do not?
> >>
> >> BTW, I have committed your last patches with "show pool_status"
> >> support. Can you verify CVS HEAD?
> >
> > I have tried frontend->pgpool SSL support but I got following error:
> >
> > pool_ssl: SSL cert failure: 33558530
> >
> > I have created server.key and server.cert file and let pgpool.conf
> > point them:
> >
> > ssl_key = '/usr/local/etc/server.key'
> > ssl_cert = '/usr/local/etc/server.cert'
> >
> > server.key and server.cert file were created as follows:
> >
> > openssl genrsa -out server.key 1024
> > openssl req -new -key server.key -x509 -days 365 -out server.crt
> >
> > This way, pgpool sucessfully connects to PostgreSQL with SSL enabled.
> >
> > Am I missing something?
> > --
> > Tatsuo Ishii
> > SRA OSS, Inc. Japan
> > English: http://www.sraoss.co.jp/index_en.php
> > Japanese: http://www.sraoss.co.jp
More information about the Pgpool-hackers
mailing list