Re: [BUGS] BUG #1321: SSL error: sslv3 alert handshake failure
To clarify, what I have experienced was in all versions of 8.0.0.beta, it did not just happen between 3 to 4. It was the change from 7.4 to 8.0. The error was not just windows based as I built psql on a separate linux machine communicating with a linux server and got the same results.

I created a client.crt client.key and placed them into the data directory, no change. I read the below post again and renamed the files to postgresql.crt and postgresql.key. No change. Read the below post very carefully AGAIN and then copied those files up one directory into the main pgsql dir. No change. Did I miss something?

Michael Fuhr wrote:

On Tue, Nov 16, 2004 at 03:33:49PM -0500, Tom Lane wrote:

Michael Fuhr <[EMAIL PROTECTED]> writes:

Sounds like a problem due to the backend in recent betas demanding a client certificate if $PGDATA/root.crt exists, but the client certificate doesn't exist in ~/.postgresql/postgresql.{crt,key}.

If that is the problem, it's still broken because the error message is so unhelpful. (I'm quite certain I tested that case last time I touched the SSL code, and it said something reasonable then.)

I get the following error if I use an 8.0.0beta4 client to connect to an 8.0.0beta4 server that has a root.crt, but the client certificate doesn't exist in ~/.postgresql:

psql: SSL error: sslv3 alert handshake failure

The server logs the following:

LOG: could not accept SSL connection: 1

If the certificate exists but I use a 7.4.6 client, then the client fails with the following:

psql: unrecognized SSL error code

The server logs this:

LOG: could not accept SSL connection: 5
[BUGS] More SSL questions..
Having some problems (still, hehe) getting SSL to work properly on windows in the new 8.0 (all vers) environment (where cert/key is required). On the client side when not finding the certificate/key psql would report the SSL error sslv3 alert handshake failure. After I figured out where psql was looking for the files and placing them there I now get the error: SSL SYSCALL error: Connection reset by peer (0x2746/10054). On the server side it still reports that the peer did not return a certificate. I am able to connect to the server just fine using the same certificate/key on a linux machine...so I'm guessing it's just another good ol' windows issue? :)
[BUGS] BUG #1369: RC3 Compilation fails on mingw
The following bug has been logged online:

Bug reference: 1369
Logged by: T.J.
Email address: [EMAIL PROTECTED]
PostgreSQL version: 8.0
Operating system: Windows XP
Description: RC3 Compilation fails on mingw
Details:

Tested RC2 and RC3 --with-openssl configured. RC2 makes and installs fine. RC3, however, has this to say when trying make:

gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wold-style-definition -Wendif-labels -fno-strict-aliasing -DFRONTEND -I../../../../src/interfaces/ecpg/include -I../../../../src/interfaces/libpq -I../../../../src/port -I../../../../src/include -I./src/include/port/win32 -DEXEC_BACKEND "-I../../../../src/include/port/win32" -DBUILDING_DLL -c -o path.o path.c
path.c: In function `get_share_path':
path.c:375: error: `PGSHAREDIR' undeclared (first use in this function)
path.c:375: error: (Each undeclared identifier is reported only once
path.c:375: error: for each function it appears in.)
path.c:375: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_etc_path':
path.c:384: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_include_path':
path.c:393: error: `INCLUDEDIR' undeclared (first use in this function)
path.c:393: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_pkginclude_path':
path.c:402: error: `PKGINCLUDEDIR' undeclared (first use in this function)
path.c:402: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_includeserver_path':
path.c:411: error: `INCLUDEDIRSERVER' undeclared (first use in this function)
path.c:411: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_lib_path':
path.c:420: error: `LIBDIR' undeclared (first use in this function)
path.c:420: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_pkglib_path':
path.c:429: error: `PKGLIBDIR' undeclared (first use in this function)
path.c:429: error: `PGBINDIR' undeclared (first use in this function)
path.c: In function `get_locale_path':
path.c:438: error: `LOCALEDIR' undeclared (first use in this function)
path.c:438: error: `PGBINDIR' undeclared (first use in this function)
make[4]: *** [path.o] Error 1
make[4]: Leaving directory `/c/postgresql-8.0.0rc3/src/interfaces/ecpg/ecpglib'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/c/postgresql-8.0.0rc3/src/interfaces/ecpg'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/c/postgresql-8.0.0rc3/src/interfaces'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/c/postgresql-8.0.0rc3/src'
make: *** [all] Error 2
Re: [BUGS] BUG #1369: RC3 Compilation fails on mingw
Yeah, I redownloaded and tried again with no problems...weird...sorry for the false positive ;)

Magnus Hagander wrote:

I just rebuilt RC3 from scratch without any problems on MingW. I don't see any problems.

The paths it's complaining about should be in src/port/pg_config_paths.h, and this file should automatically be rebuilt. Check if it's corrupted, and try removing it and rebuild that directory (first, then the ecpg dir that is failing).

//Magnus

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of T.J.
Sent: den 2 januari 2005 03:26
To: pgsql-bugs@postgresql.org
Subject: [BUGS] BUG #1369: RC3 Compilation fails on mingw
Re: [BUGS] More SSL questions..
Not to my knowledge. By the way, for future reference on windows it looks for the cert/key in the linux equivalent of `pwd`/.postgresql/postgresql.crt/key, instead of $HOME/.postgresql/postgresql.crt/key. Maybe you already knew this but I had to do testing to figure it out so hopefully that bit of knowledge will be of use to someone else :)

I tried looking through the source myself for the cause of this problem but I guess there's a reason my perl is so sharp and c so rusty these days.. Don't know if it makes much difference but I have built with vcwin and mingw with the same resulting error.

Bruce Momjian wrote:

Did we ever find the solution to this, or did anyone find the cause?

T.J. wrote:

Having some problems (still, hehe) getting SSL to work properly on windows in the new 8.0 (all vers) environment (where cert/key is required). On the client side when not finding the certificate/key psql would report the SSL error sslv3 alert handshake failure. After I figured out where psql was looking for the files and placing them there I now get the error: SSL SYSCALL error: Connection reset by peer (0x2746/10054). On the server side it still reports that the peer did not return a certificate. I am able to connect to the server just fine using the same certificate/key on a linux machine...so I'm guessing it's just another good ol' windows issue? :)
Re: [BUGS] More SSL questions..
After some more screwing around, I'm not entirely certain windows is even trying to open my certs. After repeatedly trying to connect it seemed like I was getting an equal amount of the sslv3 and SSL SYSCALL errors, whether or not the certs were (where I thought?) windows was looking for them..

Which leads me to my next question; that function client_cert_cb, does it ever get executed on windows? :) I mean, that's the function with the useful error messages (that helped me on linux), is it not? And the error messages on windows are anything but useful...and at the beginning of that function there is a:

#ifdef WIN32
return 0;
#else
... (function)
return 1;
#endif

Tom Lane wrote:

"T.J." <[EMAIL PROTECTED]> writes:

Not to my knowledge. By the way, for future reference on windows it looks for the cert/key in the linux equivalent of `pwd`/.postgresql/postgresql.crt/key, instead of $HOME/.postgresql/postgresql.crt/key.

Actually, it asks getpwuid() for the user's home directory, rather than looking for an environment variable named HOME. See client_cert_cb() in fe-secure.c.

This could probably be documented better, but I'm not sure how. The average user is even less likely to be familiar with getpwuid() than $HOME, so it doesn't seem like referencing that library function is much of an improvement.

regards, tom lane
Re: [BUGS] More SSL questions..
Yeah I already tried removing the ifdef's...oh BOY was it not happy :'(

Tom Lane wrote:

"T.J." <[EMAIL PROTECTED]> writes:

Which leads me to my next question; that function client_cert_cb, does it ever get executed on windows? :)

Um. Looks like someone ifdef'd it out :-(. In fact, if you look through fe-secure.c, you'll see that just about all the SSL code is ifdef'd out on Windows. Try removing the #ifs and see if it compiles.

win32 hackers, anyone know why it's like this?

regards, tom lane
[BUGS] Windows compilation
Anyone else notice breakage from 8.0.0 to 8.0.1 using msvc(6)? Was just about to update my client libraries and I got an unresolved external symbol SHGetFolderPath in fe-connect.c, wasn't 8.0.0 using SHGetSpecialFolderPath?
Re: [BUGS] BUG #2604: Bug's
This has to be the most insightful and well thought out bug report I've ever read.

Maykon wrote:

The following bug has been logged online:

Bug reference: 2604
Logged by: Maykon
Email address: [EMAIL PROTECTED]
PostgreSQL version: --
Operating system: win & linux
Description: Bug's
Details:

All mirrors are with problem practically! Thanks..
Re: [BUGS] Ref: BUG#1321: SSL error: sslv3 alert handshake failure
Vishal,

I can't recall but I think if you use 8.0.3 the error would offer more explanation. Bug 1321 was related to SSL support on windows. The error you are getting isn't a bug. It's basically telling you it can't find the postgresql.key and postgresql.crt.

For creating SSL certs I've always used the MySQL example at http://dev.mysql.com/doc/mysql/en/secure-create-certs.html

You can ignore the last part about setting up my.cnf. Instead of doing the "replace ./demoCA $DIR -- $DIR/openssl.cnf" as they suggest just manually open your openssl.cnf file and change the ./demoCA to the location of your openssl.cnf file.

Once finished rename some files:

cacert.pem => root.crt
cakey.pem => root.key
server-key.pem => server.key
server-cert.pem => server.crt
client-key.pem => postgresql.key
client-cert.pem => postgresql.crt

Place the postgresql.* files into the ~/.postgresql directory on the client side.

So that answers a).
b) The client shouldn't be looking for root.crt
c) That should do it.

If you have any more questions feel free to email me off the list and I'll see what else ya need help with.

T.J.

vishal saberwal wrote:

hi,

I was reading the post for BUG # 1321 (Date: Tue, 16 Nov 2004 13:30:33 -0700) the error "sslv3 alert handshake failure" that i have encountered now. I have postgreSQL 8.0.1 and have OpenSSL 0.9.7a. I have read through the documentation and a few other sites.

PG_HBA.CONF
--
local all all trust
host all all 127.0.0.1 255.255.255.255 trust
host all all 192.168.0.0/16 trust
hostssl dbm all 192.168.200.201 255.255.255.255 md5

SERVER
-- (Fedora Core 2)
Database =DBM, owner=dbmuser

I have done the following steps:

(a) openssl req -new -text -out server.req
(b) openssl rsa -in privkey.pem -out server.key
(c) rm privkey.pem
(d) openssl req -x509 -in server.req -text -key server.key -out server.crt
(e) chmod og-rwx server.key

Above steps were from the documentation for 8.0. I tested the communication to a remote machine (hostssl'ed with md5 in pg_hba.conf) and the data (when viewed on ethereal) was encrypted.

(f) ln -s server.crt root.crt
(g) ln -s server.key root.key

Now i have [root.crt, root.key, server.crt, server.key, server.req] files in /usr/local/pgsql/data (which is my $PGDATA) which are owned by "chown postgres:postgres".

CLIENT

psql -d dbm -c 'select * from hosts;' -U postgres -h 192.168.200.201

Here's where i am stuck. I created the directory ~/.postgresql as it never existed on remote machine (Fedora core 3) as user root. I have tried stopping and restarting the postmaster.

I have following Questions:

(a) How do i create the ~/.postgresql/postgresql.crt and ~/.postgresql/postgresql.key files (not sure about the commands)?
(b) Where do i get the ~/.postgresql/root.crt from?
(c) Is there anything else i am missing that's not in document or that i need to know?

thanks,
vish (Vishal Saberwal)
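
Added example (not part of any message in this thread): a preflight check for the client-side files that the replies above name as the cause of the "sslv3 alert handshake failure". The function name, the status words and the key-permission rule (the `chmod og-rwx` step from the post, applied here to postgresql.key) are assumptions of this example; the certificate checks are skipped when the openssl CLI is not installed.

```shell
#!/bin/sh
# Added example: check the libpq client certificate files before connecting
# to a server that has root.crt in $PGDATA and therefore demands one.
#
# Usage: check_pg_client_cert DIR [ROOT_CRT]
#   DIR       directory holding postgresql.crt and postgresql.key
#             (~/.postgresql on the Unix clients in this thread)
#   ROOT_CRT  optional copy of the CA certificate the server uses as root.crt
# Prints one status word and returns 0 only for "ok".
check_pg_client_cert() {
    dir=$1
    root=${2:-}
    crt="$dir/postgresql.crt"
    key="$dir/postgresql.key"

    [ -d "$dir" ] || { echo "missing-dir"; return 1; }
    [ -f "$crt" ] || { echo "missing-cert"; return 1; }
    [ -f "$key" ] || { echo "missing-key"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # all must be '-' (assumed rule, same as chmod og-rwx on server.key).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key-perms"; return 1; }

    # The remaining checks need the openssl CLI; skip them if it is absent.
    if command -v openssl >/dev/null 2>&1; then
        # The certificate and the private key must carry the same public key.
        # A passphrase-protected key reports bad-key: none is supplied here.
        c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) \
            || { echo "bad-cert"; return 1; }
        k=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
            || { echo "bad-key"; return 1; }
        [ "$c" = "$k" ] || { echo "key-mismatch"; return 1; }

        # If the CA certificate is available, the client certificate must
        # verify against it, otherwise the server will reject the handshake.
        if [ -n "$root" ]; then
            openssl verify -CAfile "$root" "$crt" >/dev/null 2>&1 \
                || { echo "untrusted"; return 1; }
        fi
    fi
    echo "ok"
}
```

Run it as the same user that runs psql, for example `check_pg_client_cert "$HOME/.postgresql" /path/to/root.crt`, since the directory is resolved per user.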
Re: [BUGS] HELP
Someone discovered our diabolical plot to secretly install postgres on every computer across the globe! Quickly! Dispatch the Deadly Viper Assassination Squad to silence him!

Vaccaro wrote:

I never download your product i don't even know what it is. When i started my computer up i saw 2 new accounts created. User Accounts. The accounts names were postgres services. It was password protected and limited account. I am running on windows XP. I Did delete the accounts. I want to know what happened i want it fixed. And i never want this to happen again
Re: [BUGS] BUG #2393: update fails with unique constraint violation
Isn't that expected? Your query will try to update row 3 first and set the primary key to 5, which in fact would violate the primary key constraint on that table.

Laurence Dawson wrote:

And then try an update:

lstore=> select * from test.test;
 a
 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
(10 rows)

lstore=> update test.test set a = a + 2 where a >= 3;
ERROR: duplicate key violates unique constraint "pk"
lstore=>