无法为数据库添加SSL支持 [英] Unable to add SSL support for database
问题描述
为了启用SSL数据库连接,我遵循以下步骤:
- 创建自签名证书:请参阅: http://www.postgresql.org/docs/9.2/static/ssl-tcp.html#SSL-CERTIFICATE-CREATION
- 将生成的
server.crt和server.key复制到postgres / 9.2 / data文件夹。 - hibernate连接的URL:
jdbc:postgresql:// localhost:5432 / DB_NAME?ssl = true& sslfactory = org。 postgresql.ssl.NonValidatingFactory
重新启动postgres后,我运行我的应用程序,结果如下所示: / p>
org.postgresql.util.PSQLException:服务器不支持SSL。
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:307)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:105)
org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:65)
at org.postgresql.jdbc2.AbstractJdbc2Connection。< init>(AbstractJdbc2Connection.java:140)
at org.postgresql。 (init)(AbstractJdbc3Connection.java:21)
at org.postgresql.jdbc3。 (jdbc4Connection.java:23)
at org.postgresql.Driver.makeConnection(< init> Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
即使我试图在en上添加这一行d pg_hba.conf 文件,但postgres不会重新启动:
hostssl all all 127.0.0.1/32 trust
编辑
对于接收到这种错误的其他人或者想要添加数据库ssl连接:
我添加了 ssl = true 并从 postgresql.conf 中移除了与ssl相关的条目的注释,并且它工作正常。 :)
问题的根源似乎是您的服务器不支持SSL或没有启用它。消息:
服务器不支持SSL
只能由 org / postgresql / core / v3 / ConnectionFactoryImpl.java 在 enableSSL ...)当服务器拒绝或不理解SSL请求时。
果然,在更新中你说您在 postgresql.conf 注释掉中有与SSL相关的选项。他们被注释掉了,就像他们根本没有在服务器上一样;它会忽略它们。这将导致服务器说它不支持SSL并拒绝SSL连接,因为它不知道要发送的服务器证书。当您在 postgresql.conf 中取消了对SSL选项的评论时,PgJDBC将报告上述错误。 $ b
并重新启动它开始工作的服务器。
您可能对以下事实感到困惑:
& ssl
& ssl = true
& ssl = false
都做同样的事情:它们启用SSL。是的,这太疯狂了。这是因为我们坚持使用的历史原因,但它清楚地记录了在JDBC驱动程序参数参考中:
ssl
$ b使用SSL进行连接。该驱动程序必须已经使用SSL
支持编译。该属性不需要与其关联的值。
仅仅存在它指定一个SSL连接。但是,对于未来版本的
兼容性,值true是首选。有关
的更多信息,请参阅第4章使用SSL。
正如你所看到的,你仍然应该写 ssl = true ,因为这可能会在将来发生变化。
阅读服务器配置和客户端配置部分将帮助您设置证书并在本地证书列表中安装证书,因此您不必禁用证书信任检查。
对于有此问题的其他人:PostgreSQL错误日志中会有更多详细信息,但我的猜测是您的PostgreSQL配置不正确,或者您正在使用手动编译的PostgreSQL,并且您没有使用SSL支持编译它。
I am using Spring3, Hibernate4 and postgres9.2.
For enabling the SSL database connection, I followed following steps :
- Creating self signed Certificate : refer : http://www.postgresql.org/docs/9.2/static/ssl-tcp.html#SSL-CERTIFICATE-CREATION
- Copied the generated
server.crtandserver.keyintopostgres/9.2/datafolder. - URL for hibernate connection :
jdbc:postgresql://localhost:5432/DB_NAME?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
After restarting the postgres I run my application and it gives error as :
org.postgresql.util.PSQLException: The server does not support SSL.
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:307)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:105)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:65)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:140)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:21)
at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:23)
at org.postgresql.Driver.makeConnection(Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
Even I tried to add this line at the end of pg_hba.conf file but postgres does not get restarted :
hostssl all all 127.0.0.1/32 trust
EDIT
It is for other folks who received such error or wants to add database ssl connection :
I added ssl = true and removed comments for ssl related entries from postgresql.conf and it worked. :)
The root of your problem appears to be that your server does not support SSL or does not have it enabled. The message:
The server does not support SSL
may only be emitted by org/postgresql/core/v3/ConnectionFactoryImpl.java in enableSSL(...) when the server refuses or doesn't understand SSL requests.
Sure enough, in your update you say that you had the SSL-related options in postgresql.conf commented out. Them being commented out is the same as them being not there at all to the server; it will ignore them. This will cause the server to say it doesn't support SSL and refuse SSL connections because it doesn't know what server certificate to send. PgJDBC will report the error above when this happens.
When you un-commented the SSL options in postgresql.conf and re-started the server it started working.
You were probably confused by the fact that:
&ssl
&ssl=true
&ssl=false
all do the same thing: they enable SSL. Yes, that's kind of crazy. It's like that for historical reasons that we're stuck with, but it's clearly documented in the JDBC driver parameter reference:
ssl
Connect using SSL. The driver must have been compiled with SSL support. This property does not need a value associated with it. The mere presence of it specifies a SSL connection. However, for compatibility with future versions, the value "true" is preferred. For more information see Chapter 4, Using SSL.
As you can see, you should still write ssl=true since this may change in future.
Reading the server configuration and client configuration sections of the manual will help you with setting up the certificates and installing the certificate in your local certificate list so you don't have to disable certificate trust checking.
For anyone else with this problem: There will be more details in your PostgreSQL error logs, but my guess is your PostgreSQL config isn't right or you're using a hand-compiled PostgreSQL and you didn't compile it with SSL support.
这篇关于无法为数据库添加SSL支持的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
