[Babase] Re: Ranker security problems
Karl O. Pinc
kop at meme.com
Sun Sep 2 19:05:19 EDT 2007
On 08/31/2007 08:20:05 PM, Jun Yang wrote:
> How are we going to resolve this problem? This doesn't seem to be
> something I could fix in the ranker code---sounds more like a setup
> issue on papio?
Papio is setup for the simplest possible SSL connection,
no certificate at all is required. My suspicion is that
the ranker is supplying some certificate, one that's not
signed by the right certificate authority because none is required.
I can crank up the verbosity of the logs and that might
have something to say about it, or maybe not.
Or you could look at the ranker side.
Or I could look at the ranker side.
Or I could write a test in C using
the psql code as a template to prove how things
work one way or another.
Let me know which way we should proceed.
>
> --- Jun Y.
>
> On 8/26/07, Karl O. Pinc <kop at meme.com> wrote:
> >
> > On 08/26/2007 03:54:35 PM, Lacey Maryott wrote:
> > > I'm at the office now, and it still doesn't appear to be working,
> > >
> > > I set the server to papio.biology.duke.edu
> > > and checked 'Use SSL'
> > > and used my unix login and password.
> > > the error message says "the connection attempt failed"
> > >
> > > For grins, I also tried with my ppa username and password, and got
> > > the same error message.
> > >
> > > Sorry for more bad news :(
> >
> > This is what the log says.
> >
> > Aug 26 16:53:38 papio postgres[30351]: [3-1] LOG: could not accept
> SSL
> > connection: sslv3 alert certificate unknown.
> >
> > The odd part is that, as far as I know,
> > no certificate should be required. Authentication
> > is happening via (Unix) username and password.
> >
> > There is no root.crt file. See:
> > http://www.postgresql.org/docs/8.1/static/ssl-tcp.html
> > (We could make one, but certificates seem a pain to
> > keep up with.)
> >
> > Karl <kop at meme.com>
> > Free Software: "You don't pay back, you pay forward."
> > -- Robert A. Heinlein
> >
> > _______________________________________________
> > Babase mailing list
> > Babase at www.eco.princeton.edu
> > http://www.eco.princeton.edu/mailman/listinfo/babase
> >
> _______________________________________________
> Babase mailing list
> Babase at www.eco.princeton.edu
> http://www.eco.princeton.edu/mailman/listinfo/babase
>
>
Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
More information about the Babase
mailing list