
I would like to connect to my Postgres 8.3 database using SSL from my XP client using OpenSSL. This works fine without SSL. When I try it with SSL (no client certificate), I get the error:

error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure

I have followed the instructions in the Postgres manual for SSL including creating a self-signed certificate. In my pg_hba.conf there is a line:

host  dbname  loginname   123.45.67.89/32  md5

The version of OpenSSL on the server is 0.9.8g and on the client is 0.9.8j. I'd appreciate any suggestions for tracking down the problem.

Edit:

The uncommented lines from postgresql.conf are:

data_directory = '/var/ebs0/postgres/main'
hba_file = '/etc/postgresql/8.3/main/pg_hba.conf'
ident_file = '/etc/postgresql/8.3/main/pg_ident.conf'
external_pid_file = '/var/run/postgresql/8.3-main.pid'
listen_addresses = '*'
port = 5432
max_connections = 100
unix_socket_directory = '/var/run/postgresql'
ssl = true
shared_buffers = 24MB
David Pashley
Mitch
  • I noticed that my postgres log has the following entry when I am unable to make the SSL connection: LOG: could not accept SSL connection: EOF detected – Mitch Sep 08 '09 at 16:50
  • "I would like to connect to my Postgres 8.3 database using SSL from my XP client using OpenSSL". What do you mean "using OpenSSL"? Using a known PostgreSQL client that relies on OpenSSL, using `openssl s_client` or using your own client that you've written using OpenSSL? – Bruno Jan 16 '12 at 22:31

1 Answer


My guess is that you're trying to talk SSL to a connection that isn't expecting it. You might try using hostssl, rather than host, but it would be more useful for you to show your postgresql.conf file, which should have your SSL config options in.

David Pashley
  • I have tried both hostnossl to see that it worked without SSL and hostssl which had the same result as host when using SSL on the client. The uncommented lines from postgresql.conf are: data_directory = '/var/ebs0/postgres/main' hba_file = '/etc/postgresql/8.3/main/pg_hba.conf' ident_file = '/etc/postgresql/8.3/main/pg_ident.conf' external_pid_file = '/var/run/postgresql/8.3-main.pid' listen_addresses = '*' port = 5432 max_connections = 100 unix_socket_directory = '/var/run/postgresql' ssl = true shared_buffers = 24MB – Mitch Sep 08 '09 at 01:20
  • That's just strange. If you put hostnossl on the matching line in pg_hba.conf, it simply will not even *try* to speak SSL. Are you sure you remembered to reload the configuration after you changed it? – Magnus Hagander Sep 08 '09 at 07:50
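
Whether the server is expecting SSL at all can be checked at the protocol level: a PostgreSQL client does not open with a TLS ClientHello, it first sends an 8-byte SSLRequest and the server answers with a single byte, `S` or `N`, before any handshake starts. The probe below is an added example, not code from the question or the answer; the `probe` function and its `cafile` argument (a local copy of the server's self-signed certificate) are assumptions of this example.

```python
import socket
import ssl
import struct
import sys

# SSLRequest: Int32 message length (8), then Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

VERDICTS = {
    b"S": "server accepts SSL; the TLS handshake comes next on this socket",
    b"N": "server refuses SSL (ssl is not enabled in the running server)",
    b"": "server closed the connection without answering",
}


def probe(host, port=5432, timeout=5.0, cafile=None):
    """Send SSLRequest; return (reply_byte, human-readable detail).

    cafile is an assumption of this example: a local copy of the server's
    self-signed certificate. When given and the server answers b"S", the
    TLS handshake is attempted too and its outcome replaces the detail.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        reply = sock.recv(1)
        detail = VERDICTS.get(reply, "unexpected reply, not an SSLRequest answer")
        if reply == b"S" and cafile:
            ctx = ssl.create_default_context(cafile=cafile)
            ctx.check_hostname = False  # trust is pinned to cafile, not the name
            try:
                with ctx.wrap_socket(sock) as tls:
                    detail = "TLS handshake ok: %s" % tls.version()
            except OSError as exc:  # ssl.SSLError is a subclass of OSError
                detail = "TLS handshake failed: %s" % exc
        return reply, detail


if __name__ == "__main__":
    # Usage: probe.py HOST [PORT] [SERVER_CRT]
    args = sys.argv[1:]
    host = args[0] if args else "127.0.0.1"
    port = int(args[1]) if len(args) > 1 else 5432
    print(*probe(host, port, cafile=args[2] if len(args) > 2 else None))
```

An `S` reply followed by a failed handshake points at the TLS layer (certificate, key, protocol version) rather than at pg_hba.conf, which is only consulted after the handshake.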