[pgpool-general: 2802] PgPool SSL problems: library refuses to load, even though enabled

Fri May 2 05:12:30 JST 2014

Hi All,

I can't get PgPool to support SSL connections, even though I follow the
documented steps perfectly.

Scenario: 2 PostgreSQL servers with streaming replication (primary ->
standby), PgPool in load-balancing mode. Everything works fine with non-SSL
connections.

1. In the case of requiring SSL connections from the Postgres servers,
connection attempts just fail with "pool_do_auth: maybe protocol version
mismatch (current version 3)" while on the server side I see

"FATAL:  no pg_hba.conf entry for host "192.168.10.10", user "postgres",
database "template1", SSL off"
(connection set to hostssl in pg_hba.conf).

2. In the case of enabling local SSL connections to PgPool, I configure
pgpool.conf with

ssl = true
ssl_key = '/etc/pgpool-II/server.key'
ssl_cert = '/etc/pgpool-II/server.crt'
(with self-signed cert, same as in the Postgres servers)

And when I connect locally to PgPool, the log shows

"pool_ssl: SSL requested but SSL support is not available"

And when I turn on debugging (set to 1 or 2 in pgpool.conf) I do not see
SSL mentioned in the reported config keys during startup.

System: Centos 6.5,

Installed binaries:
pgpool-II-pg93-3.3.3-1.pgdg.x86_64
postgresql93.x86_64   9.3.4-1PGDG.rhel6 @pgdg93

postgresql93-contrib.x86_64
postgresql93-libs.x86_64

Library check:
[root at server ~]# ldd /usr/bin/pgpool
linux-vdso.so.1 =>(0x00007fff32f1c000)
libpq.so.5 => /usr/pgsql-9.3/lib/libpq.so.5 (0x00007f2e121f0000)
libpcp.so.0 => /usr/lib64/libpcp.so.0 (0x0000003663c00000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003662800000)
libpam.so.0 => /lib64/libpam.so.0 (0x0000003667400000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003664800000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003664000000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003665400000)
libm.so.6 => /lib64/libm.so.6 (0x0000003663000000)
libc.so.6 => /lib64/libc.so.6 (0x0000003662400000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003669400000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x0000003668400000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003668000000)
libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x0000003665000000)
/lib64/ld-linux-x86-64.so.2 (0x0000003661c00000)
libaudit.so.1 => /lib64/libaudit.so.1 (0x0000003666400000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003662000000)
libfreebl3.so => /lib64/libfreebl3.so (0x0000003664c00000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x0000003668c00000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003664400000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003669000000)
libz.so.1 => /lib64/libz.so.1 (0x0000003663400000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003668800000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003667c00000)
liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x0000003669c00000)
libssl3.so => /usr/lib64/libssl3.so (0x0000003667000000)
libsmime3.so => /usr/lib64/libsmime3.so (0x0000003667800000)
libnss3.so => /usr/lib64/libnss3.so (0x0000003665c00000)
libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003665800000)
libplds4.so => /lib64/libplds4.so (0x0000003666000000)
libplc4.so => /lib64/libplc4.so (0x0000003666800000)
libnspr4.so => /lib64/libnspr4.so (0x0000003666c00000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003669800000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003663800000)
librt.so.1 => /lib64/librt.so.1 (0x0000003662c00000)

PgPool master process
/usr/bin/pgpool -f /etc/pgpool-II/pgpool.conf -n

I am at a loss. Is there anything else I can look for to figure out why SSL
is not loading?

Thanks

Rick Morris

-- 

Confidentiality Statement
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and 
delete this e-mail from your system. If you are not the intended recipient 
you are notified that disclosing, copying, distributing or taking any 
action in reliance on the contents of this information is strictly 
prohibited.
KnowledgeSource, 580 Harrison Ave, Boston MA 02118

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20140501/839efff5/attachment.htm>