Re: [ADMIN] Connecting via SSL not working (except from psql)
| От | Paul Legato |
|---|---|
| Тема | Re: [ADMIN] Connecting via SSL not working (except from psql) |
| Дата | |
| Msg-id | 3D513208.6090802@nks.net обсуждение исходный текст |
| Ответ на | Re: [ADMIN] Connecting via SSL not working (except from psql) ("Magnus Hagander" <mha@sollentuna.net>) |
| Список | pgsql-jdbc |
Hi Magnus, Thanks for the help. I'll take a look at fe-connect.c and see if I can get my JDBC driver working. Is anyone within the Postgres project currently adding SSL support to JDBC? Anyone interested in the patches once I get everything working? -Paul Magnus Hagander wrote: > Hi! > > SSL is not enabled at connection time in pgsql - it is negotiatied with > the postmaster, and enabled later. You need to send a correctly > formatted start message in clear text to the postmaster to initiate the > SSL negotiation first, and turn on SSL after that (assuming the > postmaster reports that SSL is Ok). > This is done so the postmaster can listen for both SSL and non-SSL > connections on the same port. > > Take a look at how libpq does it. In 7.1.3, it starts at line 963 in > interfaces/libpq/fe-connect.c. > (Sorry, don't have the source to a newer version around right now - look > for comment on 'Attempt to negotiate SSL usage'). > > //Magnus > > >>-----Original Message----- >>From: Paul Legato [mailto:plegato@nks.net] >>Sent: Tuesday, August 06, 2002 5:47 PM >>To: pgsql-admin@postgresql.org >>Cc: pgsql-jdbc@postgresql.org >>Subject: [ADMIN] Connecting via SSL not working (except from psql) >> >> >>Hi, >> >>I'm trying to connect to SSL-enabled Postgres (started with >>-i -l) using >>both the openssl command line utility and with a modified JDBC driver >>using the built in JSSE API from Java 1.4. >> >>If I attempt to connect from a shell with the openssl test >>utility, I get: >> >>$ openssl s_client -connect localhost:5432 >>CONNECTED(00000003) >>25870:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >>protocol:s23_clnt.c:460: >> >>With the JDBC driver, at connection I get: >> >>javax.net.ssl.SSLException: Unrecognized SSL message, >>plaintext connection? >> >>In both cases, the server logs the message "FATAL 1: invalid >>length of >>startup packet". >> >>A connection to the server with psql works fine, and prints "SSL >>connection (cipher: DES-CBC3-SHA, bits: 168)" at startup. I've tried >>manually specifying this cipher to openssl, which does not change the >>result. >> >>I'm stuck. Any suggestions or pointers will be greatly appreciated. :) >> >>Thanks, >>-Paul >> >> >>---------------------------(end of >>broadcast)--------------------------- >>TIP 3: if posting/reading through Usenet, please send an >>appropriate subscribe-nomail command to >>majordomo@postgresql.org so that your message can get through >>to the mailing list cleanly >> >
В списке pgsql-jdbc по дате отправления: