hi, I was reading the post for BUG # 1321 (Date: Tue, 16 Nov 2004 13:30:33 -0700) the error "sslv3 alert handshake failure" that i have encountered now.
I have postgreSQL 8.0.1 and have OpenSSL 0.9.7a. I have read through the documentation and a few other sites. PG_HBA.CONF ---------------------- local all all trust host all all 127.0.0.1 255.255.255.255 trust host all all 192.168.0.0/16 trust hostssl dbm all 192.168.200.201 255.255.255.255 md5 SERVER -------------- (Fedora Core 2) Database =DBM, owner=dbmuser I have done the following steps: (a) openssl req -new -text -out server.req (b) openssl rsa -in privkey.pem -out server.key (c) rm privkey.pem (d) openssl req -x509 -in server.req -text -key server.key -out server.crt (e) chmod og-rwx server.key Above steps were from the documentation for 8.0. I tested the communication to a remote machine (hostssl'ed with md5 in pg_hba.conf) and the data (when viewed on ethereal) was encrypted. (f) ln -s server.crt root.crt (g) ln -s server.key root.key Now i have [root.crt, root.key, server.crt, server.key, server.req] files in /usr/local/pgsql/data (which is my $PGDATA) which are owned by "chown postgres:postgres". CLIENT ------------ psql -d dbm -c 'select * from hosts;' -U postgres -h 192.168.200.201 Here's where i am stuck. I created the directory ~/.postgresql as it never existed on remote machine (Fedora core 3) as user root. I have tried stopping and restarting the postmaster. I have following Questions: (a) How do i create the ~/.postgresql/postgresql.crt and ~/.postgresql/postgresql.key files (not sure about the commands)? (b) Where do i get the ~/.postgresql/root.crt from? (c) Is there anything else i am missing thats not in document or that i need to know? thanks, vish (Vishal Saberwal) ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
