[pgpool-hackers: 3487] Re: Cert auth in Pgpool-II
Muhammad Usama
m.usama at gmail.com
Wed Jan 8 22:34:57 JST 2020
Hi Ishii-San
Thanks for the confirmation, I am looking into this and will update with
the findings and possible fix
Thanks
Best regards
Muhammad Usama
On Wed, Jan 8, 2020 at 6:28 AM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> > Hi Usama,
> >
> > Pgpool-II does support certificate authentication between client and
> > Pgpool-II but it does not support verify option. i.e. it treats as if
> > "clientcert=verify-full" in pg_hba.conf.
>
> I confirmed this.
>
> t-ishii$
> PGSSLCERT=/home/t-ishii/work/Pgpool-II/current/pgpool2/src/test/regression/tests/024.cert_auth/frontend.crt
> PGSSLKEY=/home/t-ishii/work/Pgpool-II/current/pgpool2/src/test/regression/tests/024.cert_auth/frontend.key
> psql --set=sslmode=require -h localhost -p 11000 -U foo test
>
> psql: error: could not connect to server: ERROR: CERT authentication
> failed
> DETAIL: no valid certificate presented
> FATAL: client authentication failed
> DETAIL: no pool_hba.conf entry for host "127.0.0.1", user "foo", database
> "test", SSL off
> HINT: see pgpool log for details
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20200108/d6ce9756/attachment.html>
More information about the pgpool-hackers
mailing list