Re: pgAdmin asks me the server's private key
От | Michael Shapiro |
---|---|
Тема | Re: pgAdmin asks me the server's private key |
Дата | |
Msg-id | AANLkTim4XBA+kF-Vsv+2H6FB9U5cUr=unQ=Dgwhynvj1@mail.gmail.com обсуждение исходный текст |
Ответ на | Re: pgAdmin asks me the server's private key (Guillaume Lelarge <guillaume@lelarge.info>) |
Список | pgadmin-support |
I think this is a postgres question about how it expects ssl to be configured ...<br />I found some source code for Postgresthat has this message in it..<br /><br /><a href="http://doxygen.postgresql.org/fe-secure_8c-source.html">http://doxygen.postgresql.org/fe-secure_8c-source.html</a><br /><br/><div style="margin-left: 40px;">01010 if (have_cert && fnbuf[0] != '\0')<br />01011 {<br />01012 /* read the client key from file */<br />01013 <br />01014 if (stat(fnbuf, &buf) != 0)<br /> 01015 {<br />01016 printfPQExpBuffer(&conn->errorMessage,<br />01017 libpq_gettext("<b>certificate present, but not private key file</b> \"%s\"\n"),<br />01018 fnbuf);<br />01019 return -1;<br />01020 }<br />01021 #ifndef WIN32<br/>01022 if (!S_ISREG(buf.st_mode) || buf.st_mode & (S_IRWXG | S_IRWXO))<br />01023 {<br /> 01024 printfPQExpBuffer(&conn->errorMessage,<br />01025 libpq_gettext("privatekey file \"%s\" has group or world access; permissions should be u=rw (0600) or less\n"),<br /> 01026 fnbuf);<br />01027 return -1;<br />01028 }<br />01029 #endif<br />01030<br />01031 if (SSL_use_PrivateKey_file(conn->ssl, fnbuf, SSL_FILETYPE_PEM) != 1)<br />01032 {<br/> 01033 char *err = SSLerrmessage();<br />01034 <br />01035 printfPQExpBuffer(&conn->errorMessage,<br/>01036 libpq_gettext("could not load private key file \"%s\":%s\n"),<br /> 01037 fnbuf, err);<br />01038 SSLerrfree(err);<br />01039 return -1;<br />01040 }<br />01041 }<br /><br /></div><br /><br /><div class="gmail_quote">2010/10/6Guillaume Lelarge <span dir="ltr"><<a href="mailto:guillaume@lelarge.info">guillaume@lelarge.info</a>></span><br/><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Le 06/10/2010 22:51, SébastienMauroy a écrit :<br /> > [...]<br /> > I installed postgreSQL on my serveur with the SSL support enabled.I<br /> > have my own CA and I generated a cert for this service. When I use<br /> > pgAdmin III, it says :<br/> ><br /> > "Error connecting to the server: certificate present, but not private<br /> > key file "C:\Users\<myuser>\AppData\Roaming/postgresql/postgresql.key"<br /> ><br /> > I don't understand why it wantsthe server private key ?! It's a big<br /> > security hole if I must give the private key. I miss something ?<br/> ><br /><br /> Well, I guess you do. Did you try to connect with psql? didn't it ask<br /> for the same thing?<br/><br /><br /> --<br /> Guillaume<br /> <a href="http://www.postgresql.fr" target="_blank">http://www.postgresql.fr</a><br/> <a href="http://dalibo.com" target="_blank">http://dalibo.com</a><br /><fontcolor="#888888"><br /> --<br /> Sent via pgadmin-support mailing list (<a href="mailto:pgadmin-support@postgresql.org">pgadmin-support@postgresql.org</a>)<br/> To make changes to your subscription:<br/><a href="http://www.postgresql.org/mailpref/pgadmin-support" target="_blank">http://www.postgresql.org/mailpref/pgadmin-support</a><br/></font></blockquote></div><br />
В списке pgadmin-support по дате отправления: