Re: SslTests failures - resolved
| From | Dave Cramer |
|---|---|
| Subject | Re: SslTests failures - resolved |
| Date | |
| Msg-id | CADK3HHJMN-N2PkrD1ecwvSfJRQU1PV1cWS4wH26VBwnGR3JzJA@mail.gmail.com |
| In reply to | Re: SslTests failures - resolved (Mikko Tiihonen <mikko.tiihonen@nitorcreations.com>) |
| List | pgsql-jdbc |

Mikko,

Can you attach that file instead of including it inline?

Dave Cramer

dave.cramer(at)credativ(dot)ca
http://www.credativ.ca

On Tue, Nov 22, 2011 at 4:04 PM, Mikko Tiihonen <mikko.tiihonen@nitorcreations.com> wrote:
> On 11/22/2011 10:31 PM, Mikko Tiihonen wrote:
>>
>> On 11/22/2011 09:40 PM, Dave Cramer wrote:
>>>
>>> Mikko,
>>>
>>> You probably (like me) have a very permissive pg_hba.conf file. It
>>> needs to be restricted so that local databases need to connect via
>>> ssl. At least that was my experience.
>>
>> Thanks, that helped me further. I had to uncomment all lines starting with
>> "host all" or use the provided pg_hba.conf as is.
>>
>> Now I have only 28 failures:
>> sslcertgh[89]-disable*
>> sslcertbh[89]-disable*
>>
>> They fail with "Connection rejected: FATAL: certificate authentication
>> failed for user "jdbctest" on jdbc driver side
>> and "LOG: provided user name (jdbctest) and authenticated user name (test)
>> do not match" on server side.
>>
>> I cannot see where the authenticated user name "test" can come from unless
>> it is inside the certificates - in which case I'll update the
>> documentation to say that the postgres account for SSL tests must be named
>> "test".
>
> After running "createuser test -P" all ssl tests pass.
>
> Here is the final patch to the README to document what next user has to do
> to set up the tests.
>
> Index: certdir/README > =================================================================== > RCS file: /cvsroot/jdbc/pgjdbc/certdir/README,v > retrieving revision 1.1 > diff -u -r1.1 README > --- certdir/README 17 Nov 2011 11:27:50 -0000 1.1 > +++ certdir/README 22 Nov 2011 21:01:58 -0000 
> @@ -40,5 +40,18 @@ > #Common name is localhost, no password > > The subdirectory server contains what should be copied to the PGDATA > directory. > +If you do not overwrite the pg_hba.conf then remember to comment out all > lines > +starting with "host all". > > For the tests the sslinfo module must be installed into every database. > +The ssl=on must be set in postgresql.conf > + > +The following command creates the databases and installs the sslinfo > module. > + > +for db in hostssldb hostnossldb certdb hostsslcertdb; do > + createdb $db > + psql $db -c "create extension sslinfo" > +done > + > +The username for connecting to postgres as specified in > build.local.properties tests has to be "test". > + > > -- > Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-jdbc >
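
Review bot: the last added line says the username has to be "test" but leaves out the step that made the tests pass in this thread, creating that role (createuser test -P), and the reason for the constraint: the server log shows the client certificate authenticating as "test", so a different name in build.local.properties (jdbctest here) is rejected with "provided user name ... and authenticated user name ... do not match". The phrase "build.local.properties tests" also reads as garbled. Suggested wording: The client certificates authenticate as user "test", so create that role (createuser test -P) and set it as the username in build.local.properties. In the pg_hba.conf addition, "comment out all lines starting with "host all"" only says what to remove; it should also say that the entries from the provided pg_hba.conf have to be added, otherwise a reader who keeps their own file is left without the rules the tests expect. The loop that runs "create extension sslinfo" should state which server version it assumes, and the trailing empty "+" line at the end of the hunk can be dropped.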