<div dir="ltr">That is good news.<div><br></div><div>Thanks, Tatsuo.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, May 4, 2014 at 7:11 AM, Tatsuo Ishii <span dir="ltr"><<a href="mailto:ishii@postgresql.org" target="_blank">ishii@postgresql.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Rick,<br>
<div class=""><br>
> On more inspection, it appears that even though the pgpool RPM was linked<br>
> to the SSL library when compiled, the --with-openssl directive was not<br>
> enabled. I compiled pgpool from source with the openssl directive, and now<br>
> have no problem with SSL connections.<br>
><br>
> In the future, I hope the PgPool team will consider releasing an<br>
> SSL-enabled RPM for download, as it makes widespread deployment of PgPool<br>
> much easier in an enterprise.<br>
<br>
</div>Sorry for the inconvenience. I have uploaded SSL-enabled RPM.<br>
<br>
<a href="http://www.pgpool.net/mediawiki/index.php/Downloads" target="_blank">http://www.pgpool.net/mediawiki/index.php/Downloads</a><br>
<br>
pgpool-II-pg93-3.3.3-2.pgdg.x86_64.rpm<br>
pgpool-II-pg93-devel-3.3.3-2.pgdg.x86_64.rpm<br>
pgpool-II-pg93-3.3.3-2.pgdg.src.rpm<br>
<br>
Please try.<br>
<br>
Best regards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS, Inc. Japan<br>
English: <a href="http://www.sraoss.co.jp/index_en.php" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
Japanese: <a href="http://www.sraoss.co.jp" target="_blank">http://www.sraoss.co.jp</a><br>
<div><div class="h5"><br>
> Best regards,<br>
><br>
> Rick Morris<br>
><br>
><br>
> On Thu, May 1, 2014 at 4:12 PM, Rick Morris <<a href="mailto:rmorris@kss-inc.com">rmorris@kss-inc.com</a>> wrote:<br>
><br>
>> Hi All,<br>
>><br>
>> I can't get PgPool to support SSL connections, even though I follow the<br>
>> documented steps perfectly.<br>
>><br>
>> Scenario: 2 PostgreSQL servers with streaming replication (primary -><br>
>> standby), PgPool in load-balancing mode. Everything works fine with non-SSL<br>
>> connections.<br>
>><br>
>> 1. In the case of requiring SSL connections from the Postgres servers,<br>
>> connection attempts just fail with "pool_do_auth: maybe protocol version<br>
>> mismatch (current version 3)" while on the server side I see<br>
>><br>
>> "FATAL: no pg_hba.conf entry for host "192.168.10.10", user "postgres",<br>
>> database "template1", SSL off"<br>
>> (connection set to hostssl in pg_hba.conf).<br>
>><br>
>><br>
>> 2. In the case of enabling local SSL connections to PgPool, I configure<br>
>> pgpool.conf with<br>
>><br>
>> ssl = true<br>
>> ssl_key = '/etc/pgpool-II/server.key'<br>
>> ssl_cert = '/etc/pgpool-II/server.crt'<br>
>> (with self-signed cert, same as in the Postgres servers)<br>
>><br>
>> And when I connect locally to PgPool, the log shows<br>
>><br>
>> "pool_ssl: SSL requested but SSL support is not available"<br>
>><br>
>> And when I turn on debugging (set to 1 or 2 in pgpool.conf) I do not see<br>
>> SSL mentioned in the reported config keys during startup.<br>
>><br>
>><br>
>> System: Centos 6.5,<br>
>><br>
>> Installed binaries:<br>
>> pgpool-II-pg93-3.3.3-1.pgdg.x86_64<br>
>> postgresql93.x86_64 9.3.4-1PGDG.rhel6 @pgdg93<br>
>><br>
>> postgresql93-contrib.x86_64<br>
>> postgresql93-libs.x86_64<br>
>><br>
>> Library check:<br>
>> [root@server ~]# ldd /usr/bin/pgpool<br>
>> linux-vdso.so.1 =>(0x00007fff32f1c000)<br>
>> libpq.so.5 => /usr/pgsql-9.3/lib/libpq.so.5 (0x00007f2e121f0000)<br>
>> libpcp.so.0 => /usr/lib64/libpcp.so.0 (0x0000003663c00000)<br>
>> libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003662800000)<br>
>> libpam.so.0 => /lib64/libpam.so.0 (0x0000003667400000)<br>
>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003664800000)<br>
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003664000000)<br>
>> libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003665400000)<br>
>> libm.so.6 => /lib64/libm.so.6 (0x0000003663000000)<br>
>> libc.so.6 => /lib64/libc.so.6 (0x0000003662400000)<br>
>> libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003669400000)<br>
>> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x0000003668400000)<br>
>> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003668000000)<br>
>> libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x0000003665000000)<br>
>> /lib64/ld-linux-x86-64.so.2 (0x0000003661c00000)<br>
>> libaudit.so.1 => /lib64/libaudit.so.1 (0x0000003666400000)<br>
>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003662000000)<br>
>> libfreebl3.so => /lib64/libfreebl3.so (0x0000003664c00000)<br>
>> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x0000003668c00000)<br>
>> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003664400000)<br>
>> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003669000000)<br>
>> libz.so.1 => /lib64/libz.so.1 (0x0000003663400000)<br>
>> libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003668800000)<br>
>> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003667c00000)<br>
>> liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000003669c00000)<br>
>> libssl3.so => /usr/lib64/libssl3.so (0x0000003667000000)<br>
>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003667800000)<br>
>> libnss3.so => /usr/lib64/libnss3.so (0x0000003665c00000)<br>
>> libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003665800000)<br>
>> libplds4.so => /lib64/libplds4.so (0x0000003666000000)<br>
>> libplc4.so => /lib64/libplc4.so (0x0000003666800000)<br>
>> libnspr4.so => /lib64/libnspr4.so (0x0000003666c00000)<br>
>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003669800000)<br>
>> libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003663800000)<br>
>> librt.so.1 => /lib64/librt.so.1 (0x0000003662c00000)<br>
>><br>
>> PgPool master process<br>
>> /usr/bin/pgpool -f /etc/pgpool-II/pgpool.conf -n<br>
>><br>
>> I am at a loss. Is there anything else I can look for to figure out why<br>
>> SSL is not loading?<br>
>><br>
>> Thanks<br>
>><br>
>> Rick Morris<br>
>><br>
><br>
</div></div>> --<br>
<div class="HOEnZb"><div class="h5">><br>
><br>
><br>
> Confidentiality Statement<br>
> This email and any files transmitted with it are confidential and intended<br>
> solely for the use of the individual or entity to whom they are addressed.<br>
> If you have received this email in error please notify the system manager.<br>
> This message contains confidential information and is intended only for the<br>
> individual named. If you are not the named addressee you should not<br>
> disseminate, distribute or copy this e-mail. Please notify the sender<br>
> immediately by e-mail if you have received this e-mail by mistake and<br>
> delete this e-mail from your system. If you are not the intended recipient<br>
> you are notified that disclosing, copying, distributing or taking any<br>
> action in reliance on the contents of this information is strictly<br>
> prohibited.<br>
> KnowledgeSource, 580 Harrison Ave, Boston MA 02118<br>
><br>
</div></div></blockquote></div><br></div>
<br>
<div align="center"><font face="Verdana" size="2"><br><br><br><font color="gray">Confidentiality Statement<br>This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.<br></font></font></div><font color="gray" size="2"><font color="black">KnowledgeSource, 580 Harrison Ave, Boston MA 02118</font><br></font><br>