SSL mode annoyance
| От | Christopher Kings-Lynne |
|---|---|
| Тема | SSL mode annoyance |
| Дата | |
| Msg-id | 40283FB2.2080209@familyhealth.com.au обсуждение исходный текст |
| Ответы |
Re: SSL mode annoyance
|
| Список | pgsql-hackers |
Hey guys, I just set up a remote SSL port to our production db servers. Yeah, yeah, it's iffy, but management... I generated a server.crt and server.key as per docs. I set ssl = true in postgresql.conf I put this in pg_hba.conf: hostnossl all all 127.0.0.1 255.255.255.255 md5 hostnossl all all <farmip> 255.255.255.255 md5 hostnossl all all <farmip> 255.255.255.255 md5 hostssl all all <remoteip> 255.255.255.255 md5 Basically, I changed my 'host' to 'hostnossl' to deny ssl connections there (as I noticed psql seems to connect as ssl by default), and I allowed and required our office ip to connect ssl Now, I get heaps and heaps of these in my postgres log, from my farm ips: Feb 9 18:07:35 goddard postgres[33474]: [3-1] FATAL: no pg_hba.conf entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on Feb 9 18:07:36 goddard postgres[33476]: [3-1] FATAL: no pg_hba.conf entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on Feb 9 18:07:36 goddard postgres[33478]: [3-1] FATAL: no pg_hba.conf entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on Feb 9 18:07:45 goddard postgres[33480]: [3-1] FATAL: no pg_hba.conf entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on Does this mean that libpq always attempts to connect in SSL mode and then falls back? Is it detecting that ssl=true and assuming that, even though that particular IP does not support SSL? Is there some way to fix this? Chris Surely it should reco
В списке pgsql-hackers по дате отправления: