I have a PostgreSQL database with a valid SSL certificate and the SSL options turned on (in postgres.conf). Where do I place the settings in my connection to tell my SQLDatabaseMBS database to connect using that SSL certificate, or is it automatic? I would assume I would need something like:
tempSQLDatabaseMBS.Option("POSTGRES_SECURE_AUTH") = "true"
tempSQLDatabaseMBS.Option("POSTGRES_CERTIFICATE") = "cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256"
I haven’t tried PostgreSQL with SSL yet. But all option described there:
you can pass options to libpq with connection string. The default format is:
“” here is only the server command line options like described by the link above. However you can use any parameters with [database_name] like:
con.Connect(“myserverhost@dbname=‘test db’ connection_timeout=30 client_encoding=utf8 application_name=‘my app’ sslmode=require …”,
Can you try?
These techniques did not work (would not connect):
tempSQLDatabaseMBS.DatabaseName = "postgres:" + myHost + "," + str(myPort) + "@" + myDatabaseName + ";sslmode=verify-full"
tempSQLDatabaseMBS.DatabaseName = "postgres:" + myHost + "," + str(myPort) + "@" + myDatabaseName + ";sslmode=require"
but these did work:
tempSQLDatabaseMBS.Option("sslmode") = "verify-full"
tempSQLDatabaseMBS.Option("sslmode") = "require"
or else the later two are being ignored!
I’m not sure! Should the tempSQLDatabaseMBS.Option(“sslmode”) = “verify-full” technique work? If so, then yes it’s working.
Well, you can check network traffic…
Another Questions is how is your pg_hba.conf cinfigured.
I for example disalow any connection not ssl encrypted, by using the hostssl allow directive and host(s) deny directive in said config file.
Any Not Encrypted Connection is denied access. So you would now if it uses SSL this way because else the connection will not work.
Gave me a problem when i compiled an app of mine with the new xojo version because some time ago (the xojo db plugins) had their SSLMode set to SSLDisabled in the Default Config (The RealStudio Version at least where set to SSLAllow). So my App couldn’t Connect to the DB because it didn’t even try to connect per SSL.
Ren, I have SSL turned on in postgres.conf, but not as required that would be a good test. Thank you.