[pgpool-hackers: 3487] Re: Cert auth in Pgpool-II

Muhammad Usama m.usama at gmail.com
Wed Jan 8 22:34:57 JST 2020


Hi Ishii-San

Thanks for the confirmation, I am looking into this and will update with
the findings and possible fix

Thanks
Best regards
Muhammad Usama


On Wed, Jan 8, 2020 at 6:28 AM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:

> > Hi Usama,
> >
> > Pgpool-II does support certificate authentication between client and
> > Pgpool-II but it does not support verify option. i.e.  it treats as if
> > "clientcert=verify-full" in pg_hba.conf.
>
> I confirmed this.
>
> t-ishii$
> PGSSLCERT=/home/t-ishii/work/Pgpool-II/current/pgpool2/src/test/regression/tests/024.cert_auth/frontend.crt
> PGSSLKEY=/home/t-ishii/work/Pgpool-II/current/pgpool2/src/test/regression/tests/024.cert_auth/frontend.key
> psql --set=sslmode=require -h localhost -p 11000 -U foo test
>
> psql: error: could not connect to server: ERROR:  CERT authentication
> failed
> DETAIL:  no valid certificate presented
> FATAL:  client authentication failed
> DETAIL:  no pool_hba.conf entry for host "127.0.0.1", user "foo", database
> "test", SSL off
> HINT:  see pgpool log for details
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20200108/d6ce9756/attachment.html>


More information about the pgpool-hackers mailing list