Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support SSL option for PostgreSQL #704

Open
madankumark opened this issue Jul 5, 2019 · 6 comments

Comments

@madankumark
Copy link

commented Jul 5, 2019

Steps to reproduce this issue

  1. Select Network Type as PostgreSQL (TCP/IP) and this will disable use SSL in Advanced Tab.

Current behavior

Doesn't support passing SSL certificate for connecting to PostgreSQL

Expected behavior

Should enable use SSL option for PostgreSQL (TCP/IP)

Possible solution

Environment

  • HeidiSQL version: 10.2.0.5599 (64 Bit)
  • Database system and version: PostgreSQL 9.6
  • Operating system: Windows 10
@ansgarbecker

This comment has been minimized.

Copy link
Collaborator

commented Jul 5, 2019

Could you give some hints on how to enable SSL communication using the C API?

@ansgarbecker ansgarbecker changed the title SSL option is not available for PostgreSQL (TCP/IP) Support SSL option for PostgreSQL Jul 5, 2019

@ansgarbecker

This comment has been minimized.

Copy link
Collaborator

commented Jul 29, 2019

Documentation on how to connect via SSL is available on postgresql.org

My just pushed change adds support for SSL on PG. So, the checkbox on the "Advanced" tab is enabled now for PG connections, and the first 3 edit boxes get passed to PQconnectdb. Only the last one is yet unused - the list of permissible ciphers. In MySQL this is supported, but for PG I can't find anything in the docs about such an option. Or did I miss it?

My own attempt to connect with SSL just failed:
grafik

@ansgarbecker ansgarbecker added this to the v10.3 milestone Jul 29, 2019

@Dionyzos73

This comment has been minimized.

Copy link

commented Aug 5, 2019

Hello,

I connect with several software to my PostgreSQL server successfully (EMS SQL Manager, DATAGrip, pgAdmin, ...), using SSL files (key, ca cert and client cert)

But with the last HeidiSQL version it's impossible ! This is the error message when i try : error message

And my parameters connection : params1 & params2

I don't understand why HeidiSQL don't want connect to my server :-(

Thanks

@ansgarbecker

This comment has been minimized.

Copy link
Collaborator

commented Aug 5, 2019

Maybe there is another missing setting which must be set, in the pqconnectdb call.

I should have a look at the code of some other client which uses the c api.

@ansgarbecker

This comment has been minimized.

Copy link
Collaborator

commented Aug 10, 2019

I can't find an example C program to look at the SSL configuration. On postgresql.org they provide some example programs, but they all do nothing with ssl.

pgAdmin has some example JSON configuration, which makes use of a "ssl-crl" setting, which HeidiSQL not yet does. Does anyone know what this *.crl file does on the connection? SSL compression is also yet unused by HeidiSQL but I guess that does not make any difference.

                ...
                "SSLMode": "require",
                "SSLCert": "/path/to/sslcert.crt",
                "SSLKey": "/path/to/sslcert.key",
                "SSLRootCert": "/path/to/sslroot.crt",
                "SSLCrl": "/path/to/sslcrl.crl",
                "SSLCompression": 1,
                ...
@ansgarbecker

This comment has been minimized.

Copy link
Collaborator

commented Aug 10, 2019

Just found it in the documentation:

sslcrl
This parameter specifies the file name of the SSL certificate revocation list (CRL). Certificates listed in this file, if it exists, will be rejected while attempting to authenticate the server's certificate. The default is ~/.postgresql/root.crl.

So if that's not passed by HeidiSQL, this cannot cause the mentioned connection problem.

I am stuck - please post more ideas and probably deeper connection debugging results here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.