Hi!

Could it be server.crt vs server.cert (I see both in what you pasted below)? Perhaps not but couldn't help but ask :)

I think generally speaking the error reporting could use improvement; there are some strerror-type functions in openssl that I'll try to make use of in a subsequent patch.

I'll look into this a bit more (along with your previous mail) tomorrow or Tuesday.

  sean

--
This mail was sent from a mobile device

On 31 Jan 2010 at 14:19, Tatsuo Ishii <[email protected]> wrote:

Sean,

I haven't touched any of the pg_hba.conf code yet, so I'm guessing that
we'll need to add a bit more to support the hostssl/hostnossl config
options (and in the meantime the previous behavior is probably still there,
whatever it may be).

Ok. I don't think hostssl/hostnossl support is mandatory anyway.

Another question.

If SSL support is disabled in PostgreSQL and SSL support is enabled on
frontend and pgpool, what will happen? My guess is, communication
between frontend and pgpool is SSL ciphered, but between pgpool and
PostgreSQL is not.

What will happen if one of PostgreSQL supports SSL but others do not?

BTW, I have committed your last patches with "show pool_status"
support. Can you verify CVS HEAD?

I have tried frontend->pgpool SSL support but I got the following error:

pool_ssl: SSL cert failure: 33558530

I have created server.key and server.cert files and let pgpool.conf
point to them:

ssl_key = '/usr/local/etc/server.key'
ssl_cert = '/usr/local/etc/server.cert'

server.key and server.cert file were created as follows:

openssl genrsa -out server.key 1024
openssl req -new -key server.key -x509 -days 365 -out server.crt

This way, pgpool successfully connects to PostgreSQL with SSL enabled.

Am I missing something?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
_______________________________________________
Pgpool-hackers mailing list
[email protected]
http://pgfoundry.org/mailman/listinfo/pgpool-hackers
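
The number in the "SSL cert failure" line of the thread above can be decoded by hand. This is an added example, not code from pgpool or from either poster; it assumes the logged number is an OpenSSL error-queue code in the pre-3.0 packing (8-bit library, 12-bit function, 12-bit reason), and the helper names are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Fields of a legacy (OpenSSL 0.9.x/1.x) packed error code.
   All names in this file are hypothetical helpers, not OpenSSL API. */
struct ossl_err { unsigned lib, func, reason; };

/* Same split as the ERR_GET_LIB / ERR_GET_FUNC / ERR_GET_REASON macros
   in those releases: 8 bits library, 12 bits function, 12 bits reason. */
static struct ossl_err ossl_err_unpack(unsigned long e)
{
    struct ossl_err d;
    d.lib    = (unsigned)((e >> 24) & 0xffUL);
    d.func   = (unsigned)((e >> 12) & 0xfffUL);
    d.reason = (unsigned)(e & 0xfffUL);
    return d;
}

/* Names for a few library numbers (ERR_LIB_* in <openssl/err.h>). */
static const char *ossl_lib_name(unsigned lib)
{
    switch (lib) {
    case 2:  return "system library";
    case 4:  return "RSA";
    case 9:  return "PEM";
    case 11: return "X509";
    case 13: return "ASN1";
    case 20: return "SSL";
    case 32: return "BIO";
    default: return "other";
    }
}

/* Render one code; for the system library the reason field is an errno. */
static int ossl_err_describe(unsigned long e, char *buf, size_t len)
{
    struct ossl_err d = ossl_err_unpack(e);
    return snprintf(buf, len, "0x%08lx lib=%u (%s) func=%u reason=%u%s%s",
                    e, d.lib, ossl_lib_name(d.lib), d.func, d.reason,
                    d.lib == 2 ? " errno: " : "",
                    d.lib == 2 ? strerror((int)d.reason) : "");
}

int main(void)
{
    char buf[160];
    ossl_err_describe(33558530UL, buf, sizeof buf); /* number from the log line in the thread */
    puts(buf);
    return 0;
}
```

Under that assumption, 33558530 is 0x02001002: system library, function 1 (SYS_F_FOPEN in err.h), reason 2, which on POSIX systems is ENOENT.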
