Discussion: Client SSL validation using root.crt


Client SSL validation using root.crt

From
"sergio.cinos@info3.com (IMAP)"
Date:
Dear list members,

I see a strange behaviour using root.crt. PostgreSQL always waits for a
client certificate to check against root.crt. But I set up a
'hostnossl' auth line in pg_hba.conf, and PostgreSQL still wants a client
certificate. It also fails if the line is a 'host'.

Better with an example:

---pg_hba.conf---
hostssl     all   all  192.168.0.1/32  md5
hostnossl   all   all  192.168.0.2/32  md5
-----------------

If I connect to PostgreSQL from 192.168.0.1, it fails if I don't
provide a client certificate, which is ok. But if I connect from
192.168.0.2, it also fails because I don't send a certificate. But I
declared a non-SSL connection from 192.168.0.2, so it should let me
connect to databases, shouldn't it?

Removing root.crt works as expected. The client in 192.168.0.1 connects
using an SSL connection, and the client in 192.168.0.2 connects using a
single connection.

Is this behaviour ok? I think not. I want to allow clients on my LAN to
access the PostgreSQL server without an SSL connection, and require
a client certificate and an SSL connection from clients outside my LAN.
I think it is not a strange configuration. So the configuration is:
---pg_hba.conf---
hostnossl all    all  <my-lan-range> md5
hostssl   <user> <db> 0.0.0.0/0      md5
-----------------
This fails, because PostgreSQL expects that all clients provide a
client certificate.

Is there any config option to solve this? Is there any page or manual
about PostgreSQL with SSL (more in-depth than
http://www.postgresql.org/docs/8.0/interactive/ssl-tcp.html)?
Oh, I'm using PostgreSQL 8.0.8 on a Gentoo box. Maybe I have to upgrade
to another version?

Thank you in advance.

--
Sergio Cinos
Info3 Servicios Informáticos S.L.
sergio.cinos@info3.com - www.info3.com


Re: Client SSL validation using root.crt

From
Tom Lane
Date:
"sergio.cinos@info3.com (IMAP)" <sergio.cinos@info3.com> writes:
> I see a strange behaviour using root.crt. PostgreSQL always waits for a
> client certificate to check against root.crt. But I set up a
> 'hostnossl' auth line in pg_hba.conf, and PostgreSQL still wants a client
> certificate.

If your client first tries to connect with SSL, it seems likely that the
certificate check would occur before we examine pg_hba.conf and decide
to reject the connection on that basis.  But your client should then
retry without SSL.  See libpq's "sslmode" parameter and PGSSLMODE
environment variable if you want it to try in the other order.

            regards, tom lane
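The ordering Tom describes, as an added illustration that is not part of the thread and not libpq or PostgreSQL code: a constructed model in which the server checks the client certificate (whenever root.crt is present and the attempt is SSL) before it consults pg_hba.conf, and the client walks the SSL/non-SSL attempt order that each libpq sslmode implies. The pg_hba.conf entries are the ones from Sergio's question; the sslmode names are the libpq ones (disable, allow, prefer, require).

```python
import ipaddress

# Constructed model of the behaviour discussed in the thread (not libpq code):
# the server demands a client certificate whenever root.crt is present and the
# attempt is SSL, and only afterwards consults pg_hba.conf; the client tries
# SSL and non-SSL in the order chosen by sslmode.

# pg_hba.conf lines from the question, as (type, cidr) tuples.
PG_HBA = [
    ("hostssl", "192.168.0.1/32"),
    ("hostnossl", "192.168.0.2/32"),
]

# Order in which each libpq sslmode attempts a connection (True = SSL).
SSLMODE_ORDER = {
    "disable": [False],
    "allow": [False, True],
    "prefer": [True, False],
    "require": [True],
}


def server_accepts(client_ip, use_ssl, has_client_cert, root_crt_present):
    """One connection attempt, server side. Returns (accepted, reason).

    The certificate check runs before the pg_hba.conf lookup, so a
    'hostnossl' line cannot rescue an SSL attempt that carries no cert.
    """
    if use_ssl and root_crt_present and not has_client_cert:
        return False, "no client certificate to check against root.crt"
    addr = ipaddress.ip_address(client_ip)
    for kind, cidr in PG_HBA:
        if addr not in ipaddress.ip_network(cidr):
            continue
        if kind == "hostssl" and not use_ssl:
            continue
        if kind == "hostnossl" and use_ssl:
            continue
        return True, f"matched {kind} {cidr}"
    return False, "no matching pg_hba.conf entry"


def connect(client_ip, sslmode, has_client_cert=False, root_crt_present=True):
    """Client side: walk the sslmode attempt order; return (ssl_used, attempts).

    ssl_used is True/False for the attempt that succeeded, None if all failed.
    """
    attempts = []
    for use_ssl in SSLMODE_ORDER[sslmode]:
        ok, reason = server_accepts(client_ip, use_ssl, has_client_cert, root_crt_present)
        attempts.append((use_ssl, reason))
        if ok:
            return use_ssl, attempts
    return None, attempts
```

With sslmode=prefer the LAN client's first (SSL) attempt is rejected at the certificate check and the non-SSL retry matches the hostnossl line; with sslmode=allow the non-SSL attempt comes first and the certificate check is never reached.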