7 Oct
2009
7 Oct
'09
10:20 a.m.
The db_postgres documentation doesn't say much about anything, really...
Is there support for TLS connections and how do I configure it if it
exist?
Thanks,
/O
7 Oct
7 Oct
10:47 a.m.
Olle E. Johansson schrieb:
The db_postgres documentation doesn't say much
about anything, really...
Is there support for TLS connections and how do I configure it if it exist?
Do you need client authentication? If not, AFAIK the connection the
postgresql is TLS if configured on the postgresql server.
/etc/postgresql/8.1/main/pg_hba.conf:
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTION]
# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl"
is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
10:50 a.m.
7 okt 2009 kl. 09.47 skrev Klaus Darilion:
Olle E. Johansson schrieb:
Well, I need to be able
to control the server certificate verification
on the client side. And have an option to enable/disable SSL, set
crypto mechanisms, authentication options and so on...
The db_postgres documentation doesn't say
much about anything,
really...
Is there support for TLS connections and how do I configure it if
it exist?
Do you need client authentication? If not, AFAIK the connection the
postgresql is TLS if configured on the postgresql server.
/etc/postgresql/8.1/main/pg_hba.conf:
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTION]
# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl"
is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP
socket.
Happily, I am able to cover the whole server thing with a SEP field.
Somebody-elses-problem :-)
Thanks!
/O
11:05 a.m.
Olle E. Johansson schrieb:
7 okt 2009 kl. 09.47 skrev Klaus Darilion:
Never done that.
http://www.postgresql.org/docs/8.4/static/libpq-ssl.html
regards
klaus
Olle E. Johansson schrieb:
Well, I need to be able
to control the server certificate verification
on the client side. And have an option to enable/disable SSL, set crypto
mechanisms, authentication options and so on... The db_postgres documentation doesn't say
much about anything, really...
Is there support for TLS connections and how do I configure it if it
exist?
Do you need client authentication? If not, AFAIK the connection the
postgresql is TLS if configured on the postgresql server.
11:13 a.m.
7 okt 2009 kl. 10.05 skrev Klaus Darilion:
Olle E. Johansson schrieb:
Neither have I but there's a first time for everything, like the first
kiss and the first TLS connection ;-) And in most cases, you want to
know the other subject before proceeding...
I hope that someone has done this, otherwise I have to boldly go where
no man has gone before.
I have found some information that I can create a file in the user's
home directory with some config options, but that doesn't seem like
something that is easy to manage. Better to force it into the kamailio
configuration file.
I'll spend some time with doing this for Asterisk today, and if I'm
successful I can port some of that over to Kamailio/SIP-router.
/O
7 okt 2009 kl. 09.47 skrev Klaus Darilion:
Never done that.
http://www.postgresql.org/docs/8.4/static/libpq-ssl.html
Olle E. Johansson schrieb:
Well, I need to be
able to control the server certificate
verification on the client side. And have an option to enable/
disable SSL, set crypto mechanisms, authentication options and so
on... The db_postgres documentation doesn't say
much about anything,
really...
Is there support for TLS connections and how do I configure it if
it exist?
Do you need client authentication? If not, AFAIK the connection
the postgresql is TLS if configured on the postgresql server.
5525
days inactive
5525
days old
4 comments
2 participants
participants (2)
-
Klaus Darilion -
Olle E. Johansson