[CalendarServer-dev] SSL connection to DB server gone in 8.0?
Andre LaBranche
dre at apple.com
Fri Jun 24 15:12:13 PDT 2016
Hi,
> On Jun 15, 2016, at 9:26 AM, Andre LaBranche <dre at apple.com> wrote:
>
>
>> On Jun 14, 2016, at 4:46 AM, Axel Rau <Axel.Rau at Chaos1.DE> wrote:
>>
>> Shall I report a bug for this?
>
> Yeah, looks like we don't accept tcps.
I tried the most naive thing I could think of, since I believe none of the parameters we pass down to pg8000 are TLS-aware - I think it's a negotiation that happens at connect time.
Index: txdav/base/datastore/dbapiclient.py
===================================================================
--- txdav/base/datastore/dbapiclient.py (revision 15694)
+++ txdav/base/datastore/dbapiclient.py (working copy)
@@ -218,7 +218,7 @@
else:
self.port = None
self.host = None
- elif self.endpoint.startswith("tcp:"):
+ elif self.endpoint.startswith("tcp:") or self.endpoint.startswith("tcps:"):
self.unixsocket = None
self.host = self.endpoint[4:]
if ":" in self.host:
However in trying to test this, I realized that we don't build postgres with SSL support. When I added "--with-openssl" to the PG configure args (in bin/_build.sh), it blows up on me because my OS vendor totally doesn't ship openssl headers, and I'm not trying to solve that right now... but maybe I can get it going via Homebrew. In the mean time, feel free to try the above patch and let me know if it 'just works' :)
-dre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-dev/attachments/20160624/2e2a6ac9/attachment.html>
More information about the calendarserver-dev
mailing list