Do you have a working example of using Postgres over ODBC with OpenSSL and the Progress DataDirect Linux driver?


I am new to openssl configuration, Postgres and the Progress DataDirect ODBC driver, and I am trying to set them up. I have Postgres working in a container, and set up

tjcw:~$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt
Enter pass phrase for fd.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
tjcw:~$ openssl rsa -in fd.key -out fd.plain.key
Enter pass phrase for fd.key:
writing RSA key
tjcw:~$

This is what is in my Dockerfile

FROM docker.io/postgres
COPY init-user-db.sh /docker-entrypoint-initdb.d
RUN chmod +x /docker-entrypoint-initdb.d/init-user-db.sh
RUN mkdir /var/lib/postgresql/ssl
RUN chown postgres.postgres /var/lib/postgresql/ssl
COPY fd.crt /var/lib/postgresql/ssl/server.crt
COPY fd.plain.key /var/lib/postgresql/ssl/server.key
RUN chown postgres.postgres /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN chmod 400 /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN ls -ld /var/ /var/lib/ /var/lib/postgresql/ /var/lib/postgresql/ssl/
RUN sed -i 's/#ssl = off/ssl = on/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's/#ssl/ssl/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.crt-/var/lib/postgresql/ssl/server.crt-' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.key-/var/lib/postgresql/ssl/server.key-' /usr/share/postgresql/postgresql.conf.sample

podman logs shows the server starting as expected.

But I don't know how to configure the client. This is what I have in /etc/odbcinst.ini, which runs without encryption

[ODBC Data Sources]
PostgreSQL=DataDirect 8.0 PostgreSQL

# Driver from the postgresql-odbc package
# Setup from the unixODBC package
[PostgreSQL]
Description     = ODBC for PostgreSQL
Driver          = /home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
PortNumber=5432
Database=acedb

The Progress DataDirect documentation is here https://docs.progress.com/bundle/datadirect-postgresql-odbc-80/page/Certificate-based-authentication_2.html but it is not clear to me what I need to do on the client side to make this work.

Can anyone give me an example?

Answer 1

I put the following in ~/odbc.ini

[ODBC Data Sources]
POSTGRES=DataDirect ODBC Postgres Wire Protocol

;# POSTGRES stanza

[ACEDB]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
Description=IBM Postgres ODBC Database
Database=acedb
HostName=localhost
PortNumber=5432
;PortNumber=33679
EncryptionMethod=1
HostName=localhost
HostNameInCertificate=localhost
ValidateServerCertificate=0

and ran a SQL request.

tjcw:src$ sudo tcpdump -i lo -w tcpdump.log 'tcp port 5432'
dropped privs to tcpdump
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C31 packets captured
62 packets received by filter
0 packets dropped by kernel
tjcw:src$ wireshark

gave me the picture below. [Image: Wireshark picture of the encrypted session]
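
The stanza in the answer turns encryption on but sets ValidateServerCertificate=0, so the client does not check which server certificate it is given. The following is an added example, not part of the original post or of Progress's code: a small Python audit of odbc.ini stanzas, run on a copy of the answer's stanza and on a constructed hardened variant. The TrustStore option, its path, and the defaults assumed for absent options are assumptions to confirm against the driver documentation.

```python
# Added example (not from the original post): audit TLS options in odbc.ini.
# Assumed, confirm in driver docs: TrustStore option; absent EncryptionMethod=0.
ANSWER_DSN = """\
[ACEDB]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
Database=acedb
HostName=localhost
PortNumber=5432
EncryptionMethod=1
HostName=localhost
HostNameInCertificate=localhost
ValidateServerCertificate=0
"""
# Constructed hardened variant; the TrustStore path is hypothetical.
HARDENED_DSN = ANSWER_DSN.replace(
    "EncryptionMethod=1\nHostName=localhost\n", "EncryptionMethod=1\n"
).replace(
    "ValidateServerCertificate=0",
    "ValidateServerCertificate=1\nTrustStore=/home/tjcw/ssl/fd.crt")

def parse_stanzas(text):
    """Return {stanza: [(key, value), ...]}, keeping duplicate keys."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], [])
        elif line and line[0] not in ";#" and "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return stanzas

def audit(text):
    """Return (stanza, finding) pairs for every stanza that names a driver."""
    findings = []
    for name, pairs in parse_stanzas(text).items():
        keys = [k for k, _ in pairs]
        if "driver" not in keys:
            continue  # skip listing stanzas such as [ODBC Data Sources]
        opts = dict(pairs)  # in this dict, a later duplicate overwrites an earlier one
        findings += [(name, f"duplicate option {k}") for k in sorted(set(keys)) if keys.count(k) > 1]
        if opts.get("encryptionmethod", "0") == "0":
            findings.append((name, "connection is not encrypted"))
        elif opts.get("validateservercertificate", "1") == "0":
            findings.append((name, "server certificate is not validated"))
        elif not opts.get("truststore"):
            findings.append((name, "validation enabled but no TrustStore"))
        elif not opts.get("hostnameincertificate"):
            findings.append((name, "no HostNameInCertificate to match"))
    return findings
```
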
