Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 Mar 2012 11:43:39 +0200
From:      "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>
To:        Current FreeBSD <freebsd-current@freebsd.org>,  Ports FreeBSD <freebsd-ports@FreeBSD.org>
Subject:   FreeBSD 10.0-CURRENT/amd64 and SSL connections to PostgreSQL 9.1.3: broken!
Message-ID:  <4F75804B.6000907@mail.zedat.fu-berlin.de>

next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4BC4816D3FF31323F78D2886
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

A couple of days ago I updated FreeBSD 10.0-CURRENT and deleted old libs
and old files via "make delete-old-XXX" in /usr/src, as I saw that
Kerberos5/Heimdal got an update.

After that, several server/applications didn't work correctly anymore
due to missing, already deleted libraries.

So i recompiled nearly every port, especially Subversion, OpenLDAP
(amongst Cyrus SASL, pam_ldap and nss_ldap). PostgreSQL has also got an
update from 9.1.2 to 9.1.3 that time.

My hurting problem is, that ALL FreeBSD 10.0-CURRENT based servers using
OpenLDAP or SSL connections now fail. I can not exactly nail down the
problem, but these (already completely with portmaster -f recompiled
applications) ports fail connecting to PostgreSQL when using OpenLDAP/SSL=
:

pgadmin3 (users in pg_hba are, except superuser, on OpenLDAP)
refdb (refdb users are OpenLDAP backed)
Mediawiki (Mediawiki users are OpenLDAP backed)

These ports connect to PostgreSQL and use for user's authentication
OpenLDAP. Our boxes also use OpenLDAP for user authentication, this
works, so I assume PostgreSQL is the failing point.

In the log I get that a pg_hba entry with SSL off is missing. Somehow,
SSL doesn't work anymore or the certificate got invalidated (created
with a CA on FreeBSD 9, now used on FBSD 10).

Does anyone also experience this weird behaviour?

Regards,
Oliver


--------------enig4BC4816D3FF31323F78D2886
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iQEcBAEBAgAGBQJPdYBQAAoJEOgBcD7A/5N8COUH/3TeMzG1H7Szon+iVmH1XcuW
KpvdIrfOFE1bJRhJ5UVkoJ8QvcDZRPr6lAI72cnDZ2PwZj892tO6jbh7NGBa+Z6I
ilLYpchW0m04HuM9/Jx3RInImqHXHixbu9d5GKd7Wha1ue39YbDPGZ0AlnB0vZPS
+ltydP+E/zvMImdvituRe376rxnPcQvX9fODlpyec0n1sLNHf+/hUqOHQTlPiWZO
3vy9sij5Oglz20YTLQ9oYyNpEZNDqwXWOI8FlLbqr6ODNtsYE+BwLShmKOlY11jz
oYHZy5sEsoNRxCcLQCN6HKWeVT5oOa5+OLabUxgjHQb3/Km+0gBieyfvGL9VezM=
=COKj
-----END PGP SIGNATURE-----

--------------enig4BC4816D3FF31323F78D2886--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F75804B.6000907>