[pgpool-general: 2804] Re: PgPool SSL problems: library refuses to load, even though enabled

Tatsuo Ishii ishii at postgresql.org
Sun May 4 20:11:09 JST 2014 

Rick,

> On more inspection, it appears that even though the pgpool RPM was linked
> to the SSL library when compiled, the --with-openssl directive was not
> enabled. I compiled pgpool from source with the openssl directive, and now
> have no problem with SSL connections.
> 
> In the future, I hope the PgPool team will consider releasing an
> SSL-enabled RPM for download, as it makes widespread deployment of PgPool
> much easier in an enterprise.

Sorry for the inconvenience. I have uploaded SSL-enabled RPM.

http://www.pgpool.net/mediawiki/index.php/Downloads

pgpool-II-pg93-3.3.3-2.pgdg.x86_64.rpm
pgpool-II-pg93-devel-3.3.3-2.pgdg.x86_64.rpm
pgpool-II-pg93-3.3.3-2.pgdg.src.rpm

Please try.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Best regards,
> 
> Rick Morris
> 
> 
> On Thu, May 1, 2014 at 4:12 PM, Rick Morris <rmorris at kss-inc.com> wrote:
> 
>> Hi All,
>>
>> I can't get PgPool to support SSL connections, even though I follow the
>> documented steps perfectly.
>>
>> Scenario: 2 PostgreSQL servers with streaming replication (primary ->
>> standby), PgPool in load-balancing mode. Everything works fine with non-SSL
>> connections.
>>
>> 1. In the case of requiring SSL connections from the Postgres servers,
>> connection attempts just fail with "pool_do_auth: maybe protocol version
>> mismatch (current version 3)" while on the server side I see
>>
>> "FATAL:  no pg_hba.conf entry for host "192.168.10.10", user "postgres",
>> database "template1", SSL off"
>> (connection set to hostssl in pg_hba.conf).
>>
>>
>> 2. In the case of enabling local SSL connections to PgPool, I configure
>> pgpool.conf with
>>
>> ssl = true
>> ssl_key = '/etc/pgpool-II/server.key'
>> ssl_cert = '/etc/pgpool-II/server.crt'
>> (with self-signed cert, same as in the Postgres servers)
>>
>> And when I connect locally to PgPool, the log shows
>>
>> "pool_ssl: SSL requested but SSL support is not available"
>>
>> And when I turn on debugging (set to 1 or 2 in pgpool.conf) I do not see
>> SSL mentioned in the reported config keys during startup.
>>
>>
>> System: Centos 6.5,
>>
>> Installed binaries:
>> pgpool-II-pg93-3.3.3-1.pgdg.x86_64
>> postgresql93.x86_64   9.3.4-1PGDG.rhel6 @pgdg93
>>
>> postgresql93-contrib.x86_64
>> postgresql93-libs.x86_64
>>
>> Library check:
>> [root at server ~]# ldd /usr/bin/pgpool
>> linux-vdso.so.1 =>(0x00007fff32f1c000)
>> libpq.so.5 => /usr/pgsql-9.3/lib/libpq.so.5 (0x00007f2e121f0000)
>> libpcp.so.0 => /usr/lib64/libpcp.so.0 (0x0000003663c00000)
>> libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003662800000)
>> libpam.so.0 => /lib64/libpam.so.0 (0x0000003667400000)
>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003664800000)
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003664000000)
>> libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003665400000)
>> libm.so.6 => /lib64/libm.so.6 (0x0000003663000000)
>> libc.so.6 => /lib64/libc.so.6 (0x0000003662400000)
>> libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003669400000)
>> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x0000003668400000)
>> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003668000000)
>> libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x0000003665000000)
>> /lib64/ld-linux-x86-64.so.2 (0x0000003661c00000)
>> libaudit.so.1 => /lib64/libaudit.so.1 (0x0000003666400000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003662000000)
>> libfreebl3.so => /lib64/libfreebl3.so (0x0000003664c00000)
>> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x0000003668c00000)
>> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003664400000)
>> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003669000000)
>> libz.so.1 => /lib64/libz.so.1 (0x0000003663400000)
>> libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003668800000)
>> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003667c00000)
>> liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000003669c00000)
>> libssl3.so => /usr/lib64/libssl3.so (0x0000003667000000)
>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003667800000)
>> libnss3.so => /usr/lib64/libnss3.so (0x0000003665c00000)
>> libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003665800000)
>> libplds4.so => /lib64/libplds4.so (0x0000003666000000)
>> libplc4.so => /lib64/libplc4.so (0x0000003666800000)
>> libnspr4.so => /lib64/libnspr4.so (0x0000003666c00000)
>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003669800000)
>> libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003663800000)
>> librt.so.1 => /lib64/librt.so.1 (0x0000003662c00000)
>>
>> PgPool master process
>> /usr/bin/pgpool -f /etc/pgpool-II/pgpool.conf -n
>>
>> I am at a loss. Is there anything else I can look for to figure out why
>> SSL is not loading?
>>
>> Thanks
>>
>> Rick Morris
>>
> 
> -- 
> 
> 
> 
> Confidentiality Statement
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they are addressed. 
> If you have received this email in error please notify the system manager. 
> This message contains confidential information and is intended only for the 
> individual named. If you are not the named addressee you should not 
> disseminate, distribute or copy this e-mail. Please notify the sender 
> immediately by e-mail if you have received this e-mail by mistake and 
> delete this e-mail from your system. If you are not the intended recipient 
> you are notified that disclosing, copying, distributing or taking any 
> action in reliance on the contents of this information is strictly 
> prohibited.
> KnowledgeSource, 580 Harrison Ave, Boston MA 02118
>

More information about the pgpool-general mailing list