[pgpool-general: 1200] Can't enable SSL connection

"Stéphane A. Schildknecht" stephane.schildknecht at postgresql.fr
Wed Nov 28 19:33:18 JST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I am unsuccessfully trying to enable SSL between some client and PostgreSQL
through pgpool.

Versions installed :
$ psql -V
psql (PostgreSQL) 9.2.1

pgpool2 version 1.3-2 has been installed by deb package.

PostgreSQL is apparently correctly configured to enable SSL communication.

$ psql -h localhost -U myuser postgres
psql (9.2.1)
Connexion SSL (chiffrement : DHE-RSA-AES256-SHA, bits : 256)
Saisissez « help » pour l'aide.

But trying through pgpool, I can't enable SSL.

$ psql -h localhost -p 5433 -U myuser postgres
psql (9.2.1)
Type "help" for help.

Some configuration elements:
In pgpool2.conf, I set
listen_addresses = '*'
port = 5433
backend_hostname0 = 'localhost'
backend_port0 = 5432
ssl = on
ssl_key = '/usr/local/etc/server.key'
ssl_cert = '/usr/local/etc/server.crt'

In pool_hba.conf
local   all         all                               trust
host    all         all         127.0.0.1/32          trust
hostssl    all         all         127.0.0.1/32       trust

Enabling or disabling pool_hba has no effect here.

When trying a connection, I get the following lines in log:
Nov 28 11:14:34 myserver postgres[22053]: [12-1] user=[unknown],db=[unknown]
LOG:  connection received: host=127.0.0.1 port=59850
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
Protocol Major: 1234 Minor: 5679 database:  user:
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
SSLRequest: sent N; retry startup
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
Protocol Major: 3 Minor: 0 database: postgres user: myuser
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
new_connection: connecting 0 backend
Nov 28 11:14:34 myserver postgres[22053]: [13-1] user=myuser,db=postgres LOG:
 connection authorized: user=myuser database=postgres
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length: slot: 0 length: 12
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: trying
md5 authentication
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: DB
node id: 0 salt: a1f96491
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 26
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: application_name value: psql
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 30
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: client_encoding value: SQL_ASCII
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 23
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: DateStyle value: ISO, DMY
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 25
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: integer_datetimes value: on
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 27
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: IntervalStyle value: postgres
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 20
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: is_superuser value: on
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 25
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: server_encoding value: UTF8
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 25
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: server_version value: 9.2.1
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 32
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: session_authorization value: myuser
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 35
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: standard_conforming_strings value: on
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length2: master slot: 0 length: 17
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038: 0 th
backend: name: TimeZone value: GMT
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length: slot: 0 length: 12
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_send_auth_ok: send pid 22053 to frontend
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
select_load_balancing_node: selected backend id is 0
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
read_kind_from_backend: read kind from 0 th backend Z NUM_BACKENDS: 1
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_process_query: kind from backend: Z
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_read_message_length: slot: 0 length: 5
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
ReadyForQuery: message length: 5
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
ReadyForQuery: transaction state: I
Nov 28 11:14:34 myserver pgpool: 2012-11-28 11:14:34 DEBUG: pid 22038:
pool_process_query: num_fds: 6

I probably missed some step, but I can't figure out which.

Is there any information I could give you to help me configure SSL connection
to PostgreSQL though pgpool ?

Thanks in advance.

Best regards,
- -- 
Stéphane Schildknecht
http://www.Loxodata.com
Contact régional PostgreSQL

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC16G4ACgkQA+REPKWGI0EGSwCgsY1rDxu5/Dbblw3gXqH0R70C
tOAAn3jUZ0ONdo/a/+XxiD5WT9vrLsvM
=Rf20
-----END PGP SIGNATURE-----


More information about the pgpool-general mailing list