Jef*_*eff 5 python postgresql ssl
我正在尝试为已附加到我的python flask gunicorn应用程序的postgres DB(版本9.6)设置ssl(自签名证书)。我一直在运行没有ssl的postgres服务器,但是正在尝试提高应用程序的安全性。
我使用了以下教程:
尽管它们非常有用,但似乎无法解决此问题(在我的日志文件中):
LOG: database system was shut down at 2017-11-07 13:15:47 EST
LOG: MultiXact member wraparound protections are now enabled
LOG: database system is ready to accept connections
LOG: autovacuum launcher started
LOG: could not accept SSL connection: EOF detected // THIS LINE HERE
该应用程序可以运行,但不能在ssl上运行。
这是我的postgres.conf(我认为是相关的):
listen_addresses = '*'
port = 7654
ssl = on
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
这是我的pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
hostssl all all 0.0.0.0/0 trust clientcert=1
# I've also tried:
#hostssl all myUser 0.0.0.0/0 md5 clientcert=1
#hostssl all all 0.0.0.0/0 md5
这是一些跟踪日志记录。
这表明be-secure-openssl.c在此行存在问题:
if (!SSL_context)
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), // THIS LINE
errmsg("could not initialize SSL connection: SSL context not set up")));
return -1;
}
| 归档时间: |
|
| 查看次数: |
2512 次 |
| 最近记录: |