[naviserver-devel] nsdbpg SSL mode
Hi, Can anyone tell us if it's possible to use the Naviserver nsdbpg drivers to connect directly via SSL to a SSL enabled Postgresql database? I think we'd be able to encrypt communication between an application server and DB server using stunnel if not, but wondered if this is something nsdbpg supports directly? Regards, -- David -- DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
Re: [naviserver-devel] nsdbpg SSL mode
Anyone? I am experimenting with Amazon RDS and it appears to require SSL. My naviserver nsdbipg module seems to barf on it. psql connects fine. On Mon, Nov 18, 2013 at 7:23 AM, David Osborne wrote: > > Hi, > > Can anyone tell us if it's possible to use the Naviserver nsdbpg drivers > to connect directly via SSL to a SSL enabled Postgresql database? > > I think we'd be able to encrypt communication between an application > server and DB server using stunnel if not, but wondered if this is > something nsdbpg supports directly? > > Regards, > -- > David > > > -- > DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps > OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access > Free app hosting. Or install the open source package on any LAMP server. > Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! > http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk > ___ > naviserver-devel mailing list > naviserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > > -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk___ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
Re: [naviserver-devel] nsdbpg SSL mode
On Thu, Dec 5, 2013 at 11:44 PM, Ian Harding wrote: > > My naviserver nsdbipg module seems to barf on it. > psql connects fine. nsbipg is configured with a datasource param which lets you pass any key=value pairs directly through to libpq. According to: http://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS ...the default sslmode is prefer, which apparently means "don't bother trying". You actually need sslmode=require. nsdbpg unfortunately implements it's own datasource parsing so you're stuck with user:host:db Are you also using nsssl? Looks like some modifications are required: http://www.postgresql.org/docs/9.3/static/libpq-ssl.html#LIBPQ-SSL-INITIALIZE If your application initializes libssl and/or libcrypto libraries and libpq is built with SSL support, you should call PQinitOpenSSL to tell libpq that the libssl and/or libcrypto libraries have been initialized by your application, so that libpq will not also initialize those libraries. But you could try connecting to the db via ssl with nsssl unloaded, to confirm that it works. Not sure what the best way is to coordinate with nsssl who should init the openssl library. -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
Re: [naviserver-devel] nsdbpg SSL mode
Amazon Postgresql RDS? That was exactly why we were asking. (slightly off-topic - apologies) We found that Postgresql RDS SSL was optional though.. could happily connect directly to the RDS instance via psql "sslmode=disable"... and also via nsdbpg but think this connection wouldn't be encrypted. If you want to try stunnel we had to use the following client config to connect successfully directly to a Postgresql RDS instance (we haven't heavily tested this yet be warned): [postgresql] protocol = pgsql client = yes accept = localhost:5432 connect = pg_rds_server:5432 options = NO_TICKET -- David On 5 December 2013 23:44, Ian Harding wrote: > Anyone? I am experimenting with Amazon RDS and it appears to require > SSL. My naviserver nsdbipg module seems to barf on it. psql connects fine. > > -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk___ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
