#62: Support SSL connections
--------------------------+------------------------------
Reporter: cito | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: 5.1
Component: C Module | Version: 4.1
Resolution: | Keywords: security network
--------------------------+------------------------------
Comment (by cito):
Note by Patrick:
In fact it also works with DB API 2, but it's the database argument, which
is not first in the list, so you need something like this:
{{{
db = pgdb.connect(database='host=myinsecurehost port=12345
sslmode=require dbname=postgres password=password001')
}}}
although these also work:
{{{
db = pgdb.connect(':host=myinsecurehost port=12345 sslmode=require
dbname=postgres password=password001:::')
}}}
{{{
db = pgdb.connect(None, None, 'password001', 'myinsecurehost:12345',
'sslmode=verify-ca dbname=postgres')
}}}
{{{
db.cursor().execute('show server_version').fetchall()
[['9.5.5']]
}}}
That server requires me to send an x509 certificate as well as a password.
If I try to connect from a host where I don't have that certificate, I get
an error:
{{{
pg.InternalError: FATAL: connection requires a valid client certificate
}}}
So, client certificate sending works. And trying to connect to a db
which doesn't have ssl set up results in
{{{
pg.InternalError: server does not support SSL, but SSL was required
}}}
--
Ticket URL: <http://trac.pygresql.org:8000/pgtracker/ticket/62#comment:3>
PyGreSQL <http://www.pygresql.org/>
PyGreSQL Tracker
_______________________________________________
PyGreSQL mailing list
PyGreSQL@vex.net
https://mail.vex.net/mailman/listinfo.cgi/pygresql
