Re: SslTests failures - resolved
| От | Mikko Tiihonen |
|---|---|
| Тема | Re: SslTests failures - resolved |
| Дата | |
| Msg-id | 4ECC0E77.1080500@nitorcreations.com обсуждение исходный текст |
| Ответ на | Re: SslTests failures (Mikko Tiihonen <mikko.tiihonen@nitorcreations.com>) |
| Ответы |
Re: SslTests failures - resolved
|
| Список | pgsql-jdbc |
On 11/22/2011 10:31 PM, Mikko Tiihonen wrote: > On 11/22/2011 09:40 PM, Dave Cramer wrote: >> Mikko, >> >> You probably (like me) have a very permissive pg_hba.conf file. It >> needs to be restricted so that local databases need to connect via >> ssl. At least that was my experience. > > Thanks, that helped me further. I had to uncomment all lines starting with > "host all" or use the provided pg_hba.conf as is. > > Now I have only 28 failures: > sslcertgh[89]-disable* > sslcertbh[89]-disable* > > They fail with "Connection rejected: FATAL: certificate authentication failed for user "jdbctest" on jdbc driver side > and "LOG: provided user name (jdbctest) and authenticated user name (test) do not match" on server side. > > I cannot see where the authenticated user name "test" can come from unless it is inside the certificates - in which caseI'll update the > documentation to say that the postgres account for SSL tests must be named "test". After running "createuser test -P" all ssl tests pass. Here is the final patch to the README to document what next user has to do to set up the tests. Index: certdir/README =================================================================== RCS file: /cvsroot/jdbc/pgjdbc/certdir/README,v retrieving revision 1.1 diff -u -r1.1 README --- certdir/README 17 Nov 2011 11:27:50 -0000 1.1 +++ certdir/README 22 Nov 2011 21:01:58 -0000 @@ -40,5 +40,18 @@ #Common name is localhost, no password The subdirectory server contains what should be copied to the PGDATA directory. +If you do not overwrite the pg_hba.conf then remember to comment out all lines +starting with "host all". For the tests the sslinfo module must be installed into every database. +The ssl=on must be set in postgresql.conf + +The following command creates the databases and installs the sslinfo module. + +for db in hostssldb hostnossldb certdb hostsslcertdb; do + createdb $db + psql $db -c "create extension sslinfo" +done + +The username for connecting to postgres as specified in build.local.properties tests has to be "test". +
В списке pgsql-jdbc по дате отправления: