SSL Connection / Windows + Cygwin + PostgreSQL 7.4 Beta 1 question
Hello:
I'm trying to establish a TLS connection to PostgreSQL 7.4 beta 1 on
windows and Cygwin using C#, i have configured PostgreSQL as it's
explained here:
http://developer.postgresql.org/docs/postgres/ssl-tcp.html
There are anything more that is needed to be done in order to run
SSL/TLS connections to a PostgreSQL server??
Seems that i can start to establish the connection and receive the
ServerHello message but i get always an io exception ( from C# sockets )
when i sent the Client Finished TLS message ( if i try to connect to a
inet ssl server like ssl.netcraft.com:443 i can complete the Handshake
protocol ) any idea of what can i ave bad configure or i'm doing bad ??
Now two questions about SSL Request message:
1. I'm getting as response an 'S' instead of an 'Y' is this ok ??
2. In which format are sent the error messages for an SSL Request ?? (I
ask this because i think they are sent in 2.0 format i'm rigth??)
Thanks in advance.
--
Best regards
Carlos Guzm�n �lvarez
Vigo-Spain
Carlos Guzman Alvarez <carlosga@telefonica.net> writes:
Now two questions about SSL Request message:
1. I'm getting as response an 'S' instead of an 'Y' is this ok ??
Doesn't sound right. A recent (7.1 or later) postmaster will always
return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
code and will return an 'E' message bleating about bad protocol number.
2. In which format are sent the error messages for an SSL Request ?? (I
ask this because i think they are sent in 2.0 format i'm rigth??)
Always 2.0, because only a pre-7.1 postmaster will return an error.
It's not clear to me that you really need to bother to parse the
message, though. The only thing you can do is close the connection
and try again non-SSL (or fail if you don't want non-SSL).
regards, tom lane
Hello:
Doesn't sound right. A recent (7.1 or later) postmaster will always
return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
code and will return an 'E' message bleating about bad protocol number.
Huummmm ... ok, i'm going to reinstall it from latest snapshot :)
Always 2.0, because only a pre-7.1 postmaster will return an error.
It's not clear to me that you really need to bother to parse the
message, though. The only thing you can do is close the connection
and try again non-SSL (or fail if you don't want non-SSL).
Ok, thanks, really i don't need to parse it but it's no bad to know that
the message is sent with 2.0 format :)
--
Best regards
Carlos Guzm�n �lvarez
Vigo-Spain
Tom,
I also see S and N, and do for the database versions I have tested
against (7.2, 7.3 and 7.4). I always thought this was just a doc bug
with the FE/BE protocol docs.
--Barry
Tom Lane wrote:
Show quoted text
Carlos Guzman Alvarez <carlosga@telefonica.net> writes:
Now two questions about SSL Request message:
1. I'm getting as response an 'S' instead of an 'Y' is this ok ??
Doesn't sound right. A recent (7.1 or later) postmaster will always
return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
code and will return an 'E' message bleating about bad protocol number.2. In which format are sent the error messages for an SSL Request ?? (I
ask this because i think they are sent in 2.0 format i'm rigth??)Always 2.0, because only a pre-7.1 postmaster will return an error.
It's not clear to me that you really need to bother to parse the
message, though. The only thing you can do is close the connection
and try again non-SSL (or fail if you don't want non-SSL).regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
Barry Lind <blind@xythos.com> writes:
I also see S and N, and do for the database versions I have tested
against (7.2, 7.3 and 7.4). I always thought this was just a doc bug
with the FE/BE protocol docs.
[checks code] ... You are right. I will fix the docs.
regards, tom lane
Hello:
A last question i'm reviewing why i can finish the TLS Handshake
protocol, i have these two entries in the postgres log:
LOG: could not load root cert file "/usr/local/pgsql/data/root.crt": No
such file or directory
LOG: could not initialize SSL connection: tls rsa encrypted value
length is wrong
I think this can be only a problem with test certificate (that i have
created as is explained at
http://developer.postgresql.org/docs/postgres/ssl-tcp.html )?? there are
any other way for create it ??
--
Best regards
Carlos Guzm�n �lvarez
Vigo-Spain