Sou novo na configuração do openssl, Postgres e no driver ODBC Progress DataDirect e estou tentando configurar isso. Eu tenho o Postgres trabalhando em um contêiner, configurado com
tjcw:~$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt
Enter pass phrase for fd.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
tjcw:~$ openssl rsa -in fd.key -out fd.plain.key
Enter pass phrase for fd.key:
writing RSA key
tjcw:~$
e isso no meu Dockerfile
FROM docker.io/postgres
COPY init-user-db.sh /docker-entrypoint-initdb.d
RUN chmod +x /docker-entrypoint-initdb.d/init-user-db.sh
RUN mkdir /var/lib/postgresql/ssl
RUN chown postgres.postgres /var/lib/postgresql/ssl
COPY fd.crt /var/lib/postgresql/ssl/server.crt
COPY fd.plain.key /var/lib/postgresql/ssl/server.key
RUN chown postgres.postgres /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN chmod 400 /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN ls -ld /var/ /var/lib/ /var/lib/postgresql/ /var/lib/postgresql/ssl/
RUN sed -i 's/#ssl = off/ssl = on/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's/#ssl/ssl/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.crt-/var/lib/postgresql/ssl/server.crt-' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.key-/var/lib/postgresql/ssl/server.key-' /usr/share/postgresql/postgresql.conf.sample
podman logsmostra o servidor iniciando conforme esperado.
Mas não sei como configurar o cliente. Isso é o que eu precisava /etc/odbcinst.inipara rodar sem criptografia
[ODBC Data Sources]
PostgreSQL=DataDirect 8.0 PostgreSQL
# Driver from the postgresql-odbc package
# Setup from the unixODBC package
[PostgreSQL]
Description = ODBC for PostgreSQL
Driver = /home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
PortNumber=5432
Database=acedb
A documentação do Progress DataDirect está aquihttps://docs.progress.com/bundle/datadirect-postgresql-odbc-80/page/Certificate-based-authentication_2.htmlmas não está claro para mim o que preciso fazer do lado do cliente para que isso funcione.
Por favor, alguém pode me dar um exemplo disso.
Responder1
Coloquei o seguinte em ~/odbc.ini
[ODBC Data Sources]
POSTGRES=DataDirect ODBC Postgres Wire Protocol
;# POSTGRES stanza
[ACEDB]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
Description=IBM Postgres ODBC Database
Database=acedb
HostName=localhost
PortNumber=5432
;PortNumber=33679
EncryptionMethod=1
HostName=localhost
HostNameInCertificate=localhost
ValidateServerCertificate=0
e executei uma solicitação SQL.
tjcw:src$ sudo tcpdump -i lo -w tcpdump.log 'tcp port 5432'
dropped privs to tcpdump
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C31 packets captured
62 packets received by filter
0 packets dropped by kernel
tjcw:src$ wireshark
me deu a seguinte foto
