From owner-freebsd-current@FreeBSD.ORG Fri Mar 30 09:43:46 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E169106564A; Fri, 30 Mar 2012 09:43:46 +0000 (UTC) (envelope-from ohartman@mail.zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id 23C6B8FC0C; Fri, 30 Mar 2012 09:43:45 +0000 (UTC) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.69) with esmtp (envelope-from ) id <1SDYMz-000053-4a>; Fri, 30 Mar 2012 11:43:45 +0200 Received: from telesto.geoinf.fu-berlin.de ([130.133.86.198]) by inpost2.zedat.fu-berlin.de (Exim 4.69) with esmtpsa (envelope-from ) id <1SDYMz-0003kp-0K>; Fri, 30 Mar 2012 11:43:45 +0200 Message-ID: <4F75804B.6000907@mail.zedat.fu-berlin.de> Date: Fri, 30 Mar 2012 11:43:39 +0200 From: "O. Hartmann" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.3) Gecko/20120314 Thunderbird/10.0.3 MIME-Version: 1.0 To: Current FreeBSD , Ports FreeBSD X-Enigmail-Version: 1.4 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig4BC4816D3FF31323F78D2886" X-Originating-IP: 130.133.86.198 X-Mailman-Approved-At: Fri, 30 Mar 2012 11:07:53 +0000 Cc: Subject: FreeBSD 10.0-CURRENT/amd64 and SSL connections to PostgreSQL 9.1.3: broken! X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2012 09:43:46 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4BC4816D3FF31323F78D2886 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable A couple of days ago I updated FreeBSD 10.0-CURRENT and deleted old libs and old files via "make delete-old-XXX" in /usr/src, as I saw that Kerberos5/Heimdal got an update. After that, several server/applications didn't work correctly anymore due to missing, already deleted libraries. So i recompiled nearly every port, especially Subversion, OpenLDAP (amongst Cyrus SASL, pam_ldap and nss_ldap). PostgreSQL has also got an update from 9.1.2 to 9.1.3 that time. My hurting problem is, that ALL FreeBSD 10.0-CURRENT based servers using OpenLDAP or SSL connections now fail. I can not exactly nail down the problem, but these (already completely with portmaster -f recompiled applications) ports fail connecting to PostgreSQL when using OpenLDAP/SSL= : pgadmin3 (users in pg_hba are, except superuser, on OpenLDAP) refdb (refdb users are OpenLDAP backed) Mediawiki (Mediawiki users are OpenLDAP backed) These ports connect to PostgreSQL and use for user's authentication OpenLDAP. Our boxes also use OpenLDAP for user authentication, this works, so I assume PostgreSQL is the failing point. In the log I get that a pg_hba entry with SSL off is missing. Somehow, SSL doesn't work anymore or the certificate got invalidated (created with a CA on FreeBSD 9, now used on FBSD 10). Does anyone also experience this weird behaviour? Regards, Oliver --------------enig4BC4816D3FF31323F78D2886 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBAgAGBQJPdYBQAAoJEOgBcD7A/5N8COUH/3TeMzG1H7Szon+iVmH1XcuW KpvdIrfOFE1bJRhJ5UVkoJ8QvcDZRPr6lAI72cnDZ2PwZj892tO6jbh7NGBa+Z6I ilLYpchW0m04HuM9/Jx3RInImqHXHixbu9d5GKd7Wha1ue39YbDPGZ0AlnB0vZPS +ltydP+E/zvMImdvituRe376rxnPcQvX9fODlpyec0n1sLNHf+/hUqOHQTlPiWZO 3vy9sij5Oglz20YTLQ9oYyNpEZNDqwXWOI8FlLbqr6ODNtsYE+BwLShmKOlY11jz oYHZy5sEsoNRxCcLQCN6HKWeVT5oOa5+OLabUxgjHQb3/Km+0gBieyfvGL9VezM= =COKj -----END PGP SIGNATURE----- --------------enig4BC4816D3FF31323F78D2886--