SSL Connection / Windows + Cygwin + PostgreSQL 7.4 Beta 1 question

Carlos Guzman Alvarez

Aug 14, 2003, 11:46:05 AM
Hello:

I'm trying to establish a TLS connection to PostgreSQL 7.4 beta 1 on
Windows and Cygwin using C#. I have configured PostgreSQL as
explained here:

http://developer.postgresql.org/docs/postgres/ssl-tcp.html

Is there anything more that needs to be done in order to run
SSL/TLS connections to a PostgreSQL server?

It seems that I can start to establish the connection and receive the
ServerHello message, but I always get an IO exception (from C# sockets)
when I send the Client Finished TLS message (if I try to connect to an
internet SSL server like ssl.netcraft.com:443 I can complete the Handshake
protocol). Any idea what I may have configured badly or what I'm doing wrong?

Now two questions about SSL Request message:

1. I'm getting as response an 'S' instead of a 'Y'. Is this OK?

2. In which format are the error messages for an SSL Request sent? (I
ask this because I think they are sent in 2.0 format; am I right?)


Thanks in advance.

--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Tom Lane

Aug 14, 2003, 1:56:25 PM
Carlos Guzman Alvarez <carl...@telefonica.net> writes:
> Now two questions about SSL Request message:

> 1. I'm getting as response an 'S' instead of a 'Y'. Is this OK?

Doesn't sound right. A recent (7.1 or later) postmaster will always
return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
code and will return an 'E' message bleating about bad protocol number.

> 2. In which format are the error messages for an SSL Request sent? (I
> ask this because I think they are sent in 2.0 format; am I right?)

Always 2.0, because only a pre-7.1 postmaster will return an error.
It's not clear to me that you really need to bother to parse the
message, though. The only thing you can do is close the connection
and try again non-SSL (or fail if you don't want non-SSL).

regards, tom lane

Carlos Guzman Alvarez

Aug 14, 2003, 2:10:53 PM
Hello:

> Doesn't sound right. A recent (7.1 or later) postmaster will always
> return 'Y' or 'N'. Older postmasters will not recognize the SSLRequest
> code and will return an 'E' message bleating about bad protocol number.

Hmm ... OK, I'm going to reinstall it from the latest snapshot :)

> Always 2.0, because only a pre-7.1 postmaster will return an error.
> It's not clear to me that you really need to bother to parse the
> message, though. The only thing you can do is close the connection
> and try again non-SSL (or fail if you don't want non-SSL).

OK, thanks. I don't really need to parse it, but it's not bad to know that
the message is sent in 2.0 format :)

--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain


Tom Lane

Aug 14, 2003, 4:05:10 PM
Barry Lind <bl...@xythos.com> writes:
> I also see S and N, and do for the database versions I have tested
> against (7.2, 7.3 and 7.4). I always thought this was just a doc bug
> with the FE/BE protocol docs.

[checks code] ... You are right. I will fix the docs.

regards, tom lane

Barry Lind

Aug 14, 2003, 4:01:25 PM
Tom,

I also see S and N, and do for the database versions I have tested
against (7.2, 7.3 and 7.4). I always thought this was just a doc bug
with the FE/BE protocol docs.

--Barry
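
The SSLRequest exchange discussed in this thread, as an added Python example that is not part of the original posts: it sends the 8-byte request, reads the one-byte answer ('S' or 'N' as observed above, 'E' from a pre-7.1 postmaster) and refuses a plaintext fallback unless the caller allows it. The function names and the fake server built on `socket.socketpair()` are constructed for illustration.

```python
import socket
import struct
import threading

SSL_REQUEST_CODE = 80877103  # (1234 << 16) | 5679

def build_ssl_request() -> bytes:
    # Int32 message length (8, counts itself) + Int32 SSLRequest code.
    return struct.pack("!II", 8, SSL_REQUEST_CODE)

def negotiate(sock: socket.socket, require_tls: bool = True) -> str:
    """Send SSLRequest and decide what to do with the one-byte answer."""
    sock.sendall(build_ssl_request())
    # Read exactly one byte so no TLS handshake data is consumed here.
    answer = sock.recv(1)
    if answer == b"S":
        return "start-tls"  # caller wraps the socket and handshakes
    if answer in (b"N", b"E"):
        # 'N': SSL refused. 'E': first byte of an old postmaster's error.
        if require_tls:
            raise ConnectionError(f"server refused SSL (answer {answer!r})")
        return "retry-plaintext"  # caller closes and reconnects non-SSL
    raise ConnectionError(f"unexpected SSLRequest answer {answer!r}")

def run_against_fake_server(reply: bytes, require_tls: bool) -> str:
    # Constructed stand-in for a postmaster (hypothetical helper): it
    # checks the 8-byte request and returns the given one-byte reply.
    client, server = socket.socketpair()

    def serve():
        req = server.recv(8)
        server.sendall(reply if req == build_ssl_request() else b"?")
        server.close()

    t = threading.Thread(target=serve)
    t.start()
    try:
        return negotiate(client, require_tls)
    finally:
        t.join()
        client.close()

if __name__ == "__main__":
    for reply in (b"S", b"N", b"E"):
        print(reply, run_against_fake_server(reply, require_tls=False))
```

With `require_tls=True` (the default), an 'N' or 'E' answer raises instead of returning, so a refused request cannot turn into an unencrypted session without the caller opting in.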

Carlos Guzman Alvarez

Aug 14, 2003, 4:53:46 PM
Hello:


One last question: I'm reviewing why I can finish the TLS Handshake
protocol, and I have these two entries in the postgres log:

LOG: could not load root cert file "/usr/local/pgsql/data/root.crt": No
such file or directory

LOG: could not initialize SSL connection: tls rsa encrypted value
length is wrong


I think this can only be a problem with the test certificate (which I
created as explained at
http://developer.postgresql.org/docs/postgres/ssl-tcp.html)? Is there
any other way to create it?

--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain