> Could it be server.crt vs server.cert (i see both in what you pasted > below). Perhaps not but couldn't help but ask :)
What an ideot I am! You are correct. Now I see: SSL connection (cipher: AES256-SHA, bits: 256) when I connect to pgpool using psql. Thanks! -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese: http://www.sraoss.co.jp > I think generally speaking the error reporting could use improvement; > there's some strerror type functions in openssl that ill try to make > use of in a subsequent patch. > > I'll look into this a bit more (along with your previous mail) > tomorrow or tuesday. > > sean > > -- > This mail was sent from a mobile device > > 31 jan 2010 kl. 14.19 skrev Tatsuo Ishii <[email protected]>: > > > Sean, > > > >>> I haven't touched any of the pg_hba.conf code yet, so I'm guessing > >>> that > >>> we'll need to add a bit more to support the hostssl/hostnossl config > >>> options (and in the meantime the previous behavior is probably > >>> still there, > >>> whatever it may be). > >> > >> Ok. I don't think hostssl/hostnossl support is mandatory anyway. > >> > >> Another questions. > >> > >> If SSL support is disabled in PostgreSQL and SSL support is enabled > >> on > >> frontend and pgool, what will happen? My guess is, communication > >> between frontend and pgpool is SSL ciphered, but between pgpool and > >> PostgreSQL is not. > >> > >> What will happen if one of PostgreSQL supports SSL but others do not? > >> > >> BTW, I have committed your last patches with "show pool_status" > >> support. Can you verify CVS HEAD? > > > > I have tried frontend->pgpool SSL support but I got following error: > > > > pool_ssl: SSL cert failure: 33558530 > > > > I have created server.key and server.cert file and let pgpool.conf > > point them: > > > > ssl_key = '/usr/local/etc/server.key' > > ssl_cert = '/usr/local/etc/server.cert' > > > > server.key and server.cert file were created as follows: > > > > openssl genrsa -out server.key 1024 > > openssl req -new -key server.key -x509 -days 365 -out server.crt > > > > This way, pgpool sucessfully connects to PostgreSQL with SSL enabled. > > > > Am I missing something? > > -- > > Tatsuo Ishii > > SRA OSS, Inc. Japan > > English: http://www.sraoss.co.jp/index_en.php > > Japanese: http://www.sraoss.co.jp _______________________________________________ Pgpool-hackers mailing list [email protected] http://pgfoundry.org/mailman/listinfo/pgpool-hackers
