Sean, > > I haven't touched any of the pg_hba.conf code yet, so I'm guessing that > > we'll need to add a bit more to support the hostssl/hostnossl config > > options (and in the meantime the previous behavior is probably still there, > > whatever it may be). > > Ok. I don't think hostssl/hostnossl support is mandatory anyway. > > Another questions. > > If SSL support is disabled in PostgreSQL and SSL support is enabled on > frontend and pgool, what will happen? My guess is, communication > between frontend and pgpool is SSL ciphered, but between pgpool and > PostgreSQL is not. > > What will happen if one of PostgreSQL supports SSL but others do not? > > BTW, I have committed your last patches with "show pool_status" > support. Can you verify CVS HEAD?
I have tried frontend->pgpool SSL support but I got following error: pool_ssl: SSL cert failure: 33558530 I have created server.key and server.cert file and let pgpool.conf point them: ssl_key = '/usr/local/etc/server.key' ssl_cert = '/usr/local/etc/server.cert' server.key and server.cert file were created as follows: openssl genrsa -out server.key 1024 openssl req -new -key server.key -x509 -days 365 -out server.crt This way, pgpool sucessfully connects to PostgreSQL with SSL enabled. Am I missing something? -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese: http://www.sraoss.co.jp _______________________________________________ Pgpool-hackers mailing list [email protected] http://pgfoundry.org/mailman/listinfo/pgpool-hackers
