[pgpool-general: 1215] Re: Can't enable SSL connection

Tue Dec 4 08:48:21 JST 2012

> Hello,
> 
> I am unsuccessfully trying to enable SSL between some client and PostgreSQL
> through pgpool.
> 
> Versions installed :
> $ psql -V
> psql (PostgreSQL) 9.2.1
> 
> pgpool2 version 1.3-2 has been installed by deb package.

pgpool2 1.3? It's too old. The latest one is pgpool-II 3.2.1. Please try it.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> PostgreSQL is apparently correctly configured to enable SSL communication.
> 
> $ psql -h localhost -U myuser postgres
> psql (9.2.1)
> Connexion SSL (chiffrement : DHE-RSA-AES256-SHA, bits : 256)
> Saisissez « help » pour l'aide.
> 
> But trying through pgpool, I can't enable SSL.
> 
> $ psql -h localhost -p 5433 -U myuser postgres
> psql (9.2.1)
> Type "help" for help.
> 
> Some configuration elements:
> In pgpool2.conf, I set
> listen_addresses = '*'
> port = 5433
> backend_hostname0 = 'localhost'
> backend_port0 = 5432
> ssl = on
> ssl_key = '/usr/local/etc/server.key'
> ssl_cert = '/usr/local/etc/server.crt'
> 
> In pool_hba.conf
> local   all         all                               trust
> host    all         all         127.0.0.1/32          trust
> hostssl    all         all         127.0.0.1/32       trust
> 
> Enabling or disabling pool_hba has no effect here.
> 
> When trying a connection, I get the following lines in log:
> Nov 28 11:14:34 myserver postgres[22053]: [12-1] user=[unknown],db=[unknown]
> LOG:  connection received: host=127.0.0.1 port=59850
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> Protocol Major: 1234 Minor: 5679 database:  user:
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> SSLRequest: sent N; retry startup
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> Protocol Major: 3 Minor: 0 database: postgres user: myuser
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> new_connection: connecting 0 backend
> Nov 28 11:14:34 myserver postgres[22053]: [13-1] user=myuser,db=postgres LOG:
>  connection authorized: user=myuser database=postgres
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length: slot: 0 length: 12
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: trying
> md5 authentication
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: DB
> node id: 0 salt: a1f96491
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 26
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: application_name value: psql
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 30
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: client_encoding value: SQL_ASCII
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 23
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: DateStyle value: ISO, DMY
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 25
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: integer_datetimes value: on
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 27
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: IntervalStyle value: postgres
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 20
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: is_superuser value: on
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 25
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: server_encoding value: UTF8
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 25
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: server_version value: 9.2.1
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 32
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: session_authorization value: myuser
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 35
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: standard_conforming_strings value: on
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length2: master slot: 0 length: 17
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
> backend: name: TimeZone value: GMT
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length: slot: 0 length: 12
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_send_auth_ok: send pid 22053 to frontend
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> select_load_balancing_node: selected backend id is 0
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> read_kind_from_backend: read kind from 0 th backend Z NUM_BACKENDS: 1
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_process_query: kind from backend: Z
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_read_message_length: slot: 0 length: 5
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> ReadyForQuery: message length: 5
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> ReadyForQuery: transaction state: I
> Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
> pool_process_query: num_fds: 6
> 
> I probably missed some step, but I can't figure out which.
> 
> Is there any information I could give you to help me configure SSL connection
> to PostgreSQL though pgpool ?
> 
> Thanks in advance.
> 
> Best regards,
> - -- 
> Stéphane Schildknecht
> http://www.Loxodata.com
> Contact régional PostgreSQL
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
> 
> iEYEARECAAYFAlC16G4ACgkQA+REPKWGI0EGSwCgsY1rDxu5/Dbblw3gXqH0R70C
> tOAAn3jUZ0ONdo/a/+XxiD5WT9vrLsvM
> =Rf20
> -----END PGP SIGNATURE-----
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general