[Pgpool-hackers] [PATCH 1/3] Fix documentation typo in sample config files

Tatsuo Ishii ishii at sraoss.co.jp
Mon Feb 1 00:25:26 UTC 2010 

> Could it be server.crt vs server.cert (i see both in what you pasted  
> below). Perhaps not but couldn't help but ask :)

What an ideot I am! You are correct. Now I see:

SSL connection (cipher: AES256-SHA, bits: 256)

when I connect to pgpool using psql. Thanks!
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> I think generally speaking the error reporting could use improvement;  
> there's some strerror type functions in openssl that ill try to make  
> use of in a subsequent patch.
> 
> I'll look into this a bit more (along with your previous mail)  
> tomorrow or tuesday.
> 
>    sean
> 
> -- 
> This mail was sent from a mobile device
> 
> 31 jan 2010 kl. 14.19 skrev Tatsuo Ishii <ishii at sraoss.co.jp>:
> 
> > Sean,
> >
> >>> I haven't touched any of the pg_hba.conf code yet, so I'm guessing  
> >>> that
> >>> we'll need to add a bit more to support the hostssl/hostnossl config
> >>> options (and in the meantime the previous behavior is probably  
> >>> still there,
> >>> whatever it may be).
> >>
> >> Ok. I don't think hostssl/hostnossl support is mandatory anyway.
> >>
> >> Another questions.
> >>
> >> If SSL support is disabled in PostgreSQL and SSL support is enabled  
> >> on
> >> frontend and pgool, what will happen? My guess is, communication
> >> between frontend and pgpool is SSL ciphered, but between pgpool and
> >> PostgreSQL is not.
> >>
> >> What will happen if one of PostgreSQL supports SSL but others do not?
> >>
> >> BTW, I have committed your last patches with "show pool_status"
> >> support. Can you verify CVS HEAD?
> >
> > I have tried frontend->pgpool SSL support but I got following error:
> >
> > pool_ssl: SSL cert failure: 33558530
> >
> > I have created server.key and server.cert file and let pgpool.conf
> > point them:
> >
> > ssl_key = '/usr/local/etc/server.key'
> > ssl_cert = '/usr/local/etc/server.cert'
> >
> > server.key and server.cert file were created as follows:
> >
> > openssl genrsa -out server.key 1024
> > openssl req -new -key server.key -x509 -days 365 -out server.crt
> >
> > This way, pgpool sucessfully connects to PostgreSQL with SSL enabled.
> >
> > Am I missing something?
> > --
> > Tatsuo Ishii
> > SRA OSS, Inc. Japan
> > English: http://www.sraoss.co.jp/index_en.php
> > Japanese: http://www.sraoss.co.jp

More information about the Pgpool-hackers mailing list