Re: PG84 and SELinux

On Mon, December 6, 2010 00:47, Greg Smith wrote:

>
> That looks to be the str_copy routine from conf_def.c in the OpenSSL
> code, i.e. line 624 of the version at:
>
> http://code.google.com/p/commitmonitor/source/browse/trunk/common/openssl/crypto/conf/conf_def.c
>
> So guessing something in the SSL autonegotiation is failing here in
> a really unexpected way.
>

The problem was an expired pki certificate.  When we first used ssl
for pg we did not have our private CA set up. So we generated a
self-signed certificate.  That certificate expired this past July
and I infer that while 8.1 did not care 8.4 evidently does.

In any case, we generated a new key and had a certificate signing
request signed by our CA.  We installed both as server.key and
server.crt in the pgsql/data directory with chmod 600 and chown
postgres:postgres. Setting the postgresql.conf ssl option to on and
restarting the server no longer causes any error.

Than you all for the help.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3