[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

PostgreSQL in Ruby with SSL connections

Kevin Brown

1/20/2006 9:42:00 PM

Is SSL supported with the ruby postgres adapter? I'd like to SSL the
connections, but looking at the rdoc, I'm not seeing anything about
it, though there is a mysterious "options" parameter. I can already
connect to my postgres server with pgadmin3, so I know everything is
set up correctly, so how to I tell the ruby code to get on board?
12 Answers

Dick Davies

1/21/2006 7:28:00 AM

0

It's handled transparently by libpq. If you're using the C library,
you don't need to worry about it.

On 20/01/06, Kevin Brown <blargity@gmail.com> wrote:
> Is SSL supported with the ruby postgres adapter? I'd like to SSL the
> connections, but looking at the rdoc, I'm not seeing anything about
> it, though there is a mysterious "options" parameter. I can already
> connect to my postgres server with pgadmin3, so I know everything is
> set up correctly, so how to I tell the ruby code to get on board?
>
>


--
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.helloope...

Kevin Brown

1/25/2006 2:00:00 AM

0

I'd like to use SSL certificate authentication, and that happens
transparently? Don't I need to supply a cert? It's not looking in the
~/.postgresql directory for it like psql does...?

On 1/20/06, Dick Davies <rasputnik@gmail.com> wrote:
>
> It's handled transparently by libpq. If you're using the C library,
> you don't need to worry about it.
>
> On 20/01/06, Kevin Brown <blargity@gmail.com> wrote:
> > Is SSL supported with the ruby postgres adapter? I'd like to SSL the
> > connections, but looking at the rdoc, I'm not seeing anything about
> > it, though there is a mysterious "options" parameter. I can already
> > connect to my postgres server with pgadmin3, so I know everything is
> > set up correctly, so how to I tell the ruby code to get on board?
> >
> >
>
>
> --
> Rasputin :: Jack of All Trades - Master of Nuns
> http://number9.helloope...
>
>

Dick Davies

1/25/2006 11:30:00 AM

0

Sorry, you didn't mention client auth. Haven't tried that
(but server auth worked fine for me before now).


On 25/01/06, Kevin Brown <blargity@gmail.com> wrote:
> I'd like to use SSL certificate authentication, and that happens
> transparently? Don't I need to supply a cert? It's not looking in the
> ~/.postgresql directory for it like psql does...?
>
> On 1/20/06, Dick Davies <rasputnik@gmail.com> wrote:
> >
> > It's handled transparently by libpq. If you're using the C library,
> > you don't need to worry about it.
> >
> > On 20/01/06, Kevin Brown <blargity@gmail.com> wrote:
> > > Is SSL supported with the ruby postgres adapter? I'd like to SSL the
> > > connections, but looking at the rdoc, I'm not seeing anything about
> > > it, though there is a mysterious "options" parameter. I can already
> > > connect to my postgres server with pgadmin3, so I know everything is
> > > set up correctly, so how to I tell the ruby code to get on board?


--
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.helloope...

Dave Lee

1/25/2006 3:57:00 PM

0

On 1/24/06, Kevin Brown <blargity@gmail.com> wrote:
> I'd like to use SSL certificate authentication, and that happens
> transparently? Don't I need to supply a cert? It's not looking in the
> ~/.postgresql directory for it like psql does...?

If you are using postgres-pr, than I can't comment. If you are using
the ruby-postgres extension, then it too should be looking in the
~/.postgresql directory because, as mentioned by Dick Davies,
ruby-postgres makes use of libpq, which is what psql uses. The
documentation regarding ssl support in libpq is at:

http://www.postgresql.org/docs/current/interactive/libp...

which states:

"If the server demands a client certificate, libpq will send the
certificate stored in file ~/.postgresql/postgresql.crt within the
user's home directory. A matching private key file
~/.postgresql/postgresql.key must also be present, and must not be
world-readable."

Having said this, I haven't actually used ssl for postgresql
connections. The documentation regarding ssl with libpq is very
simple, I'm not sure what could be going wrong in your case. Which
OS? Which ruby? Which version of ruby-postgres? Maybe you're
actually using postgres-pr?

Dave

Kevin Brown

1/26/2006 7:23:00 AM

0

I'm using the compiled C extension on Linux. I'll do some more
playing and see what I can make out. Could very well have been world
readable.

Thanks for your help, and I'll post the result when I've played some more.

On 1/25/06, Dave Lee <davelee.com@gmail.com> wrote:
> On 1/24/06, Kevin Brown <blargity@gmail.com> wrote:
> > I'd like to use SSL certificate authentication, and that happens
> > transparently? Don't I need to supply a cert? It's not looking in the
> > ~/.postgresql directory for it like psql does...?
>
> If you are using postgres-pr, than I can't comment. If you are using
> the ruby-postgres extension, then it too should be looking in the
> ~/.postgresql directory because, as mentioned by Dick Davies,
> ruby-postgres makes use of libpq, which is what psql uses. The
> documentation regarding ssl support in libpq is at:
>
> http://www.postgresql.org/docs/current/interactive/libp...
>
> which states:
>
> "If the server demands a client certificate, libpq will send the
> certificate stored in file ~/.postgresql/postgresql.crt within the
> user's home directory. A matching private key file
> ~/.postgresql/postgresql.key must also be present, and must not be
> world-readable."
>
> Having said this, I haven't actually used ssl for postgresql
> connections. The documentation regarding ssl with libpq is very
> simple, I'm not sure what could be going wrong in your case. Which
> OS? Which ruby? Which version of ruby-postgres? Maybe you're
> actually using postgres-pr?
>
> Dave
>
>

Kevin Brown

1/26/2006 9:25:00 AM

0

Alright, here it is. I'm not even client authing yet. Psql connects
just fine and lets me know it's SSLing the connection. Ruby code from
the same machine to the same machine says:

#<PGError: SSL error: sslv3 alert handshake failure>

which I can't find anything about using Google.

On 1/25/06, Kevin Brown <blargity@gmail.com> wrote:
> I'm using the compiled C extension on Linux. I'll do some more
> playing and see what I can make out. Could very well have been world
> readable.
>
> Thanks for your help, and I'll post the result when I've played some more

Kevin Brown

1/26/2006 9:48:00 AM

0

Ok, I've nailed it down further.

Without client authing, everything now works fine.

I turn on client authing, and psql connects just fine, while the ruby
code does not, reporting the same #<PGError: SSL error> stuff.

On 1/26/06, Kevin Brown <blargity@gmail.com> wrote:
> Alright, here it is. I'm not even client authing yet. Psql connects
> just fine and lets me know it's SSLing the connection. Ruby code from
> the same machine to the same machine says:
>
> #<PGError: SSL error: sslv3 alert handshake failure>
>
> which I can't find anything about using Google.
>
> On 1/25/06, Kevin Brown <blargity@gmail.com> wrote:
> > I'm using the compiled C extension on Linux. I'll do some more
> > playing and see what I can make out. Could very well have been world
> > readable.
> >
> > Thanks for your help, and I'll post the result when I've played some more.
> >
> > On 1/25/06, Dave Lee <davelee.com@gmail.com> wrote:
> > > On 1/24/06, Kevin Brown <blargity@gmail.com> wrote:
> > > > I'd like to use SSL certificate authentication, and that happens
> > > > transparently? Don't I need to supply a cert? It's not looking in the
> > > > ~/.postgresql directory for it like psql does...?
> > >
> > > If you are using postgres-pr, than I can't comment. If you are using
> > > the ruby-postgres extension, then it too should be looking in the
> > > ~/.postgresql directory because, as mentioned by Dick Davies,
> > > ruby-postgres makes use of libpq, which is what psql uses. The
> > > documentation regarding ssl support in libpq is at:
> > >
> > > http://www.postgresql.org/docs/current/interactive/libp...
> > >
> > > which states:
> > >
> > > "If the server demands a client certificate, libpq will send the
> > > certificate stored in file ~/.postgresql/postgresql.crt within the
> > > user's home directory. A matching private key file
> > > ~/.postgresql/postgresql.key must also be present, and must not be
> > > world-readable."
> > >
> > > Having said this, I haven't actually used ssl for postgresql
> > > connections. The documentation regarding ssl with libpq is very
> > > simple, I'm not sure what could be going wrong in your case. Which
> > > OS? Which ruby? Which version of ruby-postgres? Maybe you're
> > > actually using postgres-pr?
> > >
> > > Dave
> > >
> > >
> >
>

Dave Lee

1/26/2006 2:57:00 PM

0

On 1/26/06, Kevin Brown <blargity@gmail.com> wrote:
> Alright, here it is. I'm not even client authing yet. Psql connects
> just fine and lets me know it's SSLing the connection. Ruby code from
> the same machine to the same machine says:
>
> #<PGError: SSL error: sslv3 alert handshake failure>
>
> which I can't find anything about using Google.

I googled "sslv3 alert handshake failure" which resulted in almost 12k
hits. I don't think you'd find much if you include PGError in the
search. In any case, the fact that psql is working while
ruby-postgres is not, is confusing. The thing is, the ruby-postgres
extension contains no SSL logic, it leaves it all in the hands of
libpq.

is your ruby process and psql process being run under the same user?

Dave

Kevin Brown

1/28/2006 11:32:00 AM

0

On 1/26/06, Dave Lee <davelee.com@gmail.com> wrote:
> On 1/26/06, Kevin Brown <blargity@gmail.com> wrote:
> > Alright, here it is. I'm not even client authing yet. Psql connects
> > just fine and lets me know it's SSLing the connection. Ruby code from
> > the same machine to the same machine says:
> >
> > #<PGError: SSL error: sslv3 alert handshake failure>
> >
> > which I can't find anything about using Google.
>
> I googled "sslv3 alert handshake failure" which resulted in almost 12k
> hits. I don't think you'd find much if you include PGError in the
> search. In any case, the fact that psql is working while
> ruby-postgres is not, is confusing. The thing is, the ruby-postgres
> extension contains no SSL logic, it leaves it all in the hands of
> libpq.
>
> is your ruby process and psql process being run under the same user?

Yes. And the postgres server reports in the logs that the ruby code
is not supplying a cert, hence the ssl handshake failure, while psql,
from the exact same user account, and terminal window, 2 seconds
apart, connects beautifully.

Did they link against an older version (7 point something) of lib-pq?
I'm on newest everything for psql and the server...

Dave Lee

1/28/2006 4:01:00 PM

0

On 1/28/06, Kevin Brown <blargity@gmail.com> wrote:
> Yes. And the postgres server reports in the logs that the ruby code
> is not supplying a cert, hence the ssl handshake failure, while psql,
> from the exact same user account, and terminal window, 2 seconds
> apart, connects beautifully.
>
> Did they link against an older version (7 point something) of lib-pq?
> I'm on newest everything for psql and the server...

are you running on windows?

Dave