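I am trying to set up SSL (with a self-signed certificate) for a Postgres DB (version 9.6) that is attached to my Python Flask Gunicorn application. I have been running the Postgres server without SSL, but I am trying to improve the security of the application.
I used the following tutorials:
While they were very helpful, I can't seem to get past this problem (in my log file):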
LOG: database system was shut down at 2017-11-07 13:15:47 EST
LOG: MultiXact member wraparound protections are now enabled
LOG: database system is ready to accept connections
LOG: autovacuum launcher started
LOG: could not accept SSL connection: EOF detected // THIS LINE HERE
The application runs, but not over SSL.
Here is my postgres.conf (the parts I think are relevant):
listen_addresses = '*'
port = 7654
ssl = on
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
Here is my pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
hostssl all all 0.0.0.0/0 trust clientcert=1
# I've also tried:
#hostssl all myUser 0.0.0.0/0 md5 clientcert=1
#hostssl all all 0.0.0.0/0 md5
Here is some trace logging.
It indicates a problem in be-secure-openssl.c, at this line:
if (!SSL_context)
{
    ereport(COMMERROR,
            (errcode(ERRCODE_PROTOCOL_VIOLATION), // THIS LINE
             errmsg("could not initialize SSL connection: SSL context not set up")));
    return -1;
}
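Added example, not part of the original post: a small Python sketch of PostgreSQL's first-match lookup over the pg_hba.conf records shown above, to check which client addresses are actually forced onto SSL. It assumes CIDR addresses and `all` for database and user (as in the post); the function names and the 10.0.0.5 address are constructed for illustration.

```python
import ipaddress

# pg_hba.conf records copied from the post above (comment lines dropped).
PG_HBA = """\
local   all all                 trust
host    all all 127.0.0.1/32    trust
host    all all ::1/128         trust
hostssl all all 0.0.0.0/0       trust clientcert=1
"""

def parse(text):
    """Return (type, database, user, network, method, options) tuples in file order."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":              # Unix-socket record: no ADDRESS column
            rules.append((f[0], f[1], f[2], None, f[3], f[4:]))
        else:                            # assumption: ADDRESS is always CIDR
            net = ipaddress.ip_network(f[3], strict=False)
            rules.append((f[0], f[1], f[2], net, f[4], f[5:]))
    return rules

def first_match(rules, client_ip, uses_ssl):
    """Mimic the server's lookup for a TCP client: the first record that fits
    decides; None means the connection is rejected. Database and user are not
    compared because every record in the post uses 'all'."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        kind, _db, _user, net, _method, _opts = rule
        if kind == "local" or addr.version != net.version or addr not in net:
            continue
        if kind == "hostssl" and not uses_ssl:
            continue                     # hostssl fits SSL connections only
        if kind == "hostnossl" and uses_ssl:
            continue                     # hostnossl fits plaintext only
        return rule                      # plain 'host' fits SSL and plaintext alike
    return None

def ssl_enforced(rules, client_ip):
    """True when a plaintext TCP connection from client_ip matches no record."""
    return first_match(rules, client_ip, uses_ssl=False) is None
```

With these records, a client on 127.0.0.1 or ::1 is accepted by a `host ... trust` record whether or not it negotiates SSL, so only non-loopback IPv4 clients ever reach the `hostssl ... clientcert=1` record.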