Re: [7.3] can't connect with SSL

We did overhaul the SSL code for 7.3, and I was able to get it working
using OpenSSL 0.9.6e 30 Jul 2002.  Have you read the new SSL
documentation in 7.3?

---------------------------------------------------------------------------

valerian wrote:
> I just upgraded my server from 7.2.1 to 7.3 last night, and can no longer
> connect over SSL (unencrypted connections still work ok, but I really need
> SSL).  I get the following error messages when I try to connect:
>
> psql (PostgreSQL client) 7.2.1
>     psql: could not establish SSL connection: No SSL error reported
>
> serverlog:
>     FATAL:  failed to initialize SSL connection: wrong version number
>
> I have the same version of openssl on both the client and server
> machines.  Both are running Debian 3.0, with these libs:
> - libssl-dev     0.9.6c-2.woody SSL development libraries, header files
> - libssl0.9.6    0.9.6c-2.woody SSL shared libraries
> - openssl        0.9.6c-2.woody Secure Socket Layer (SSL) binary and related
>
> My server configuration is like so (everything else is default):
>
> pg_hba.conf:
>     # TYPE    DATABASE    USER  IP-ADDRESS     IP-MASK            METHOD
>     local     all         all                                     crypt
>     hostssl   all         all   0.0.0.0         0.0.0.0           md5
>
> postgresql.conf:
>     tcpip_socket = true
>     ssl = true
>
> It was of course also configured for use with SSL:
> /configure --with-perl --with-openssl=/usr/include/openssl
> checking for SSL_library_init in -lssl... yes
> checking openssl/ssl.h usability... yes
> checking openssl/ssl.h presence... yes
> checking for openssl/ssl.h... yes
> checking openssl/err.h usability... yes
> checking openssl/err.h presence... yes
> checking for openssl/err.h... yes
>
> Now it sounds to me like this is an SSL handshake problem, but I don't
> see why, because I have exactly the same version of openssl on both the
> client and server machines.  On my client machine, I still have v7.2.1
> of 'psql' (the client binary) as that's what came bundled with my
> operating system.  I'm fairly certain that's not what's causing the
> problem though (or is it?)
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073