Bernard,

> On 18 May 2021, at 22:23, Sven Van Caekenberghe <s...@stfx.eu> wrote:
> 
> Tomorrow I will try to test plain and tls connections on my machine.

It took some trial & error with my local PostgreSQL server (on my Mac I use 
https://postgresapp.com although I normally use the regular Ubuntu versions on 
servers).

From a high level (P3, Pharo 7, macOS), I can do the following for a plain 
connection:

P3LogEvent logToTranscript.

(P3Client new url: 'psql://sven@localhost') in: [ :client |
  [ client isWorking ] ensure: [ client close ] ].

This returns true and shows the following in the Transcript:

2021-05-19 13:06:44 001 [P3] 68689 #Connect psql://sven@localhost:5432 Trust
2021-05-19 13:06:44 002 [P3] 68689 #Query SELECT 721 AS N
2021-05-19 13:06:44 003 [P3] 68689 #Result SELECT 1, 1 record, 1 colum, 0 ms
2021-05-19 13:06:44 004 [P3] 68689 #Close

For a secure connection, either of the following works:

(P3Client new url: 'psql://sven@localhost?sslmode=require') in: [ :client |
  [ client isWorking ] ensure: [ client close ] ].

(P3Client new url: 'psql://sven@localhost') in: [ :client |
  [ client connectSSL; isWorking ] ensure: [ client close ] ].

These both return true and give the same output:

2021-05-19 13:07:39 005 [P3] 68701 #Connect psql://sven@localhost:5432?sslmode=require Trust
2021-05-19 13:07:39 006 [P3] 68701 #Query SELECT 316 AS N
2021-05-19 13:07:39 007 [P3] 68701 #Result SELECT 1, 1 record, 1 colum, 0 ms
2021-05-19 13:07:39 008 [P3] 68701 #Close

This is a local login without a password.


Now, since you both got plain and secure connections working, there is no 
fundamental problem for either type, or the rest of your setup/situation. You 
seem to have hit some edge, resulting from a small configuration difference in 
one of the servers you are trying to log in to.

You say you get a "SSL Exception: connect failed [code:-5]" - we have to find 
out what the -5 means. As you can see in 
ZdcPluginSSLSession>>#primitiveSSL:connect:startingAt:count:into: these errors 
are not specified or explained.

We will have to look into the SSL plugin C code for that, and maybe/probably 
consult the Windows documentation for the system calls used.

Apart from certificate issues, it could also be a cipher issue (as in something 
specific is required but not available).


Sven


PS: to configure the server (version 13.2), I added the following to 
postgres.conf

ssl = on
ssl_cert_file = '/Users/sven/.ssh/ssl-cert-snakeoil.pem'
ssl_key_file = '/Users/sven/.ssh/ssl-cert-snakeoil.key'

The ssl-cert-snakeoil I took from a standard Ubuntu PostgreSQL installation.

In pg_hba.conf the first field allows you to control access over different 
connection types:

- host = both plain & secure
- hostssl = only secure
- hostnossl = only plain
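
Added example, not part of the message above or of P3: a Python check that reads pg_hba.conf rules and lists those whose first field (host or hostnossl) lets a TCP client connect without TLS, marking the ones that also use the trust method seen in the Transcript output. The sample file contents and all function names are constructed for illustration.

```python
import ipaddress

# First-field connection types; True means the rule can match a non-TLS TCP client.
PLAINTEXT_OK = {"host": True, "hostnossl": True, "hostssl": False}

# Constructed sample, not taken from any real server.
SAMPLE_HBA = """\
# TYPE     DATABASE  USER  ADDRESS        METHOD   (constructed sample)
local      all       all                  trust
host       all       all   127.0.0.1/32   trust
hostssl    all       all   10.0.0.0/8     scram-sha-256
host       all       all   10.0.0.0 255.0.0.0 md5
hostnossl  app       app   0.0.0.0/0      trust
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, address, method) for each host/hostssl/hostnossl rule.

    Simplification: quoted fields containing spaces or '#' are not handled.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in PLAINTEXT_OK:
            continue  # comments, blanks, 'local' (Unix socket) and other types
        # ADDRESS is one field (CIDR or name) or an IP followed by a netmask.
        if len(fields) > 5 and is_ip(fields[4]):
            address, method = fields[3] + " " + fields[4], fields[5]
        else:
            address, method = fields[3], fields[4]
        yield lineno, fields[0], address, method

def audit(text):
    """Return rules that accept unencrypted TCP connections."""
    findings = []
    for lineno, ctype, address, method in parse_hba(text):
        if PLAINTEXT_OK[ctype]:
            issue = "plaintext+trust" if method == "trust" else "plaintext"
            findings.append((lineno, ctype, address, issue))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HBA):
        print(*finding)
```

A server that should only ever be reached over TLS returns an empty list here, meaning every TCP rule is hostssl.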
