RT2 + postgresql over ssl

RT Developers
1

Hi

I have followed problem:

I installed postgresql 7.1.2 with option --with-openssl,
because i want communicate with remote database only over ssl.
I have setup in pg_hba.conf where postgresql running:
hostssl all 192.168.17.36 255.255.255.255 trust
I installed RT2 (with remote database) on server with ip 192.168.17.36
(of course over ssl) and everything was OK. I even imported all data
from RT1.When i wanted connect from http, which running on server with
ip 192.168.17.36, i saw in the apache log followed:
DBI->connect(dbname=rt2;host=rt.i.cz) failed: No pg_hba.conf entry for
host 192.168.17.36, user rt, database rt2 at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Handle.pm line 118

[Wed Aug 1 14:03:13 2001] [error] Connect Failed No pg_hba.conf entry
for host 192.168.17.36, user rt, database rt2 at /opt/rt2ssl/lib/RT.pm
line 14
I have installed DBIx-SearchBuilder-0.40.

When i add line to pg_hba.conf on server where postgresql running:
host all 192.168.17.36 255.255.255.255 trust
everything at the web is OK. But this setup i don’t want. I want
communicate with database only over ssl.

I hope that my explanation of my problem was enough

Thank you for your answer

Sebek Pavel

PS:Excuse me for my english

2

So I have no idea if this is going to work, but you should try it anyway.

#1. Patch your DBIx::SearchBuilder::Handle.pm with the attached patch.
#2. Patch your RT::Handle.pm with the attached patch.
#3. Hope for the best.

Its entirly untested as I don’t have a pgsql server to talk to. You need
to make sure that the postgres client libraries on your webserver were
built with ssl enabled.

-Matt

RT_Handle.pm (336 Bytes)

DB_SearchBuilder_Handle.pm (429 Bytes)

3

Hi,

thank you for answer.
I changed both DBIx::SearchBuilder::Handle.pm and RT::Handle.pm from
attached patches but WEB client still not works. Only I saw different
messages in log:
DBI->connect(dbname=rt2;host=rt.i.cz;requiressl=1) failed: ERROR:
Unknown conninfo option ‘requiressl’ at
/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Handle.pm line 120

[Thu Aug 2 03:28:31 2001] [error] Connect Failed ERROR: Unknown
conninfo option ‘requiressl’
at /opt/rt2ssl/lib/RT.pm line 14
CLI client works right.

Do you have another idea about it?

Sebek Pavel

Matt Knopp wrote:

4

Do you have another idea about it?

I’m not sure I understand how one would work and one wouldnt. AFAIK they
use the same code. [Web and CLI, that is].

What version of DBD::Pg and DBI, do you have installed.

-Matt

5

Do you have another idea about it?

I’m not sure I understand how one would work and one wouldnt. AFAIK they
use the same code. [Web and CLI, that is].

I should think so too. But WEB interface isn’t work.
CLI :

part of pg_hba.conf

This default configuration allows any local user to connect as any

PostgreSQL username, over either UNIX domain sockets or IP:

#local all trust
hostssl all 127.0.0.1 255.255.255.255 trust
hostssl all 192.168.17.36 255.255.255.255 trust
#host all 192.168.17.36 255.255.255.255 trust
#host all 192.168.17.36 255.255.255.255 trust

output command rt (with communication over ssl only):
[sebek@sebek bin]$ ./rt --id=110 --history
Serial Number: 110 Status:resolved Worked: 0 minutes Queue:CTV
Requestors: Eduard.Vopicka@i.cz
Cc:
Admin Cc:
Owner: eda
Priority: 10 / 20
Due: Not set
Created: Fri Jul 28 09:33:37 2000 (1 years ago)
Last Contact: Not set ()
Last Update: Fri Jul 28 09:33:48 2000 by 1

Keywords:
Area:
Dependencies:

Ticket created by eda

Cca v 15:20 pozadal p. Koucky o zvyseni max. delky e-mailu na 3,000,000
bajtu.
Provedeno.
Taken by eda

Status changed from open to resolved by eda

And WEB interface still isn’t work really.

What version of DBD::Pg and DBI, do you have installed.

DBD-Pg-1.01

DBI-1.18

Sebek Pavel