[Kamailio-Users] PostgreSQL TLS support
Olle E. Johansson
oej at edvina.net
Wed Oct 7 09:50:25 CEST 2009
7 okt 2009 kl. 09.47 skrev Klaus Darilion:
>
>
> Olle E. Johansson schrieb:
>> The db_postgres documentation doesn't say much about anything,
>> really...
>> Is there support for TLS connections and how do I configure it if
>> it exist?
>
> Do you need client authentication? If not, AFAIK the connection the
> postgresql is TLS if configured on the postgresql server.
Well, I need to be able to control the server certificate verification
on the client side. And have an option to enable/disable SSL, set
crypto mechanisms, authentication options and so on...
>
>
> /etc/postgresql/8.1/main/pg_hba.conf:
>
> # This file controls: which hosts are allowed to connect, how clients
> # are authenticated, which PostgreSQL user names they can use, which
> # databases they can access. Records take one of these forms:
> #
> # local DATABASE USER METHOD [OPTION]
> # host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
> # hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
> # hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
> #
> # (The uppercase items must be replaced by actual values.)
> #
> # The first field is the connection type: "local" is a Unix-domain
> socket,
> # "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl"
> is an
> # SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP
> socket.
Happily, I am able to cover the whole server thing with a SEP field.
Somebody-elses-problem :-)
Thanks!
/O
More information about the Users
mailing list