Re: [GENERAL] PG84 and SSL on CentOS-5.5 was PG84 and SELinux
On Tue, 2010-12-07 at 16:54 -0500, James B. Byrne wrote: I received absolutely no reply to my question on the CentOS mailing list so I have to turn to this venue again for help. I note the following things: postgresql-server.i386 8.4.4-2PGDG.el5 installed openssl.i686 0.9.8e-12.el5_4.6 installed Might there be a problem between the server being compiled for i386 and openssl for i686? I cannot for the life of me determine what configuration problem causes this error. No those lib differences are both still 32bit. You would have a problem if one was 64bit. So you should be fine there. Joshua D. Drake -- PostgreSQL.org Major Contributor Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579 Consulting, Training, Support, Custom Development, Engineering http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] PG84 and SSL on CentOS-5.5 was PG84 and SELinux
On Tue, December 7, 2010 16:56, Joshua D. Drake wrote: No those lib differences are both still 32bit. You would have a problem if one was 64bit. So you should be fine there. Joshua D. Drake Ok. How do I get postgresql to cough up more processing detail on startup? The message that I presently get makes no sense at all to me. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] PG84 and SSL on CentOS-5.5 was PG84 and SELinux
James B. Byrne byrn...@harte-lyne.ca writes: Ok. How do I get postgresql to cough up more processing detail on startup? The message that I presently get makes no sense at all to me. The message isn't coming from postgres --- it's openssl that you're wishing would be more verbose. What I'd try next is strace'ing the postmaster so you can see what happened right before the error report. With luck that will point you at a specific configuration file that's (presumably) messed up. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] PG84 and SSL on CentOS-5.5 was PG84 and SELinux
On Tue, Dec 07, 2010 at 05:15:45PM -0500, James B. Byrne wrote: On Tue, December 7, 2010 16:56, Joshua D. Drake wrote: No those lib differences are both still 32bit. You would have a problem if one was 64bit. So you should be fine there. Joshua D. Drake Ok. How do I get postgresql to cough up more processing detail on startup? The message that I presently get makes no sense at all to me. do we know that pg was compiled with ssl? maybe a bonehead question, but low hanging fruit is my specialty. -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] PG84 and SSL on CentOS-5.5 was PG84 and SELinux
I have now tracked down and resolved the problem. There were clues to the solution in the error message but I lacked sufficient experience with ssl to realize it. The error was an uncommented line in /etc/pki/tls/openssl.cnf that depended upon an environment variable (ALTNAME) being set (subjectAltName=$ENV::ALTNAME). This was line 270 in that file. Note the error message: Auto configuration failed 29006:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 207 Given what I know now I infer that conf_def is the variable that holds the actual file name of whatever configuration file is passed to openssl. The error message would have been far more informative had it provided the variable value rather than the variable name. And, I have no idea why PG84 choked on this and PG81 did not. Anyway, our upgraded PG84 service is now running with ssl enabled. Many thanks for the hints and suggestions. They did in fact eventually point me in the right direction. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general