Re: SslTests failures

Mikko,

You probably (like me) have a very permissive pg_hba.conf file. It
needs to be restricted so that local databases need to connect via
ssl. At least that was my experience.

Dave Cramer

dave.cramer(at)credativ(dot)ca
http://www.credativ.ca




On Tue, Nov 22, 2011 at 2:34 PM, Mikko Tiihonen
<mikko.tiihonen@nitorcreations.com> wrote:
> Hi,
>
> I'm trying to run the SslTests but get 88 failures. It is probably something
> I set up wrong in the environment.
>
> The following tests fail:
>
> sslhostnossl[89]-requireG*
> sslhostnossl[89]-verify-caGG*
> sslhostnossl[89]-verify-fullGG*
>
> sslhostsslgh[89]-disable*
> sslhostsslbh[89]-disable*
>
> sslhostcertgh[89]-disable*
> sslhostcertbh[89]-disable*
>
> sslcertgh[89]-disable*
> sslcertbh[89]-disable*
>
> All of them fail with unexpectedly successful connection (meaning: test
> expected connection opening to fail but it succeeded).
>
> Here is a patch to the ssltest documentation describing how I have tried to
> set-up the environment.
>
>
> Index: certdir/README
> ===================================================================
> RCS file: /cvsroot/jdbc/pgjdbc/certdir/README,v
> retrieving revision 1.1
> diff -u -r1.1 README
> --- certdir/README      17 Nov 2011 11:27:50 -0000      1.1
> +++ certdir/README      22 Nov 2011 19:29:27 -0000
> @@ -42,3 +42,11 @@
>  The subdirectory server contains what should be copied to the PGDATA
> directory.
>
>  For the tests the sslinfo module must be installed into every database.
> +The ssl=on must be set in postgresql.conf
> +
> +The following command creates the databases and installs the sslinfo
> module.
> +
> +for db in hostssldb hostnossldb certdb hostsslcertdb; do
> +  createdb $db
> +  psql $db -c "create extension sslinfo"
> +done
>
> --
> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-jdbc
>