[CalendarServer-dev] SSL connection to DB server gone in 8.0?

Andre LaBranche dre at apple.com
Fri Jun 24 15:12:13 PDT 2016


Hi,

> On Jun 15, 2016, at 9:26 AM, Andre LaBranche <dre at apple.com> wrote:
> 
> 
>> On Jun 14, 2016, at 4:46 AM, Axel Rau <Axel.Rau at Chaos1.DE> wrote:
>> 
>> Shall I report a bug for this?
> 
> Yeah, looks like we don't accept tcps.

I tried the most naive thing I could think of, since I believe none of the parameters we pass down to pg8000 are TLS-aware - I think it's a negotiation that happens at connect time.

Index: txdav/base/datastore/dbapiclient.py
===================================================================
--- txdav/base/datastore/dbapiclient.py	(revision 15694)
+++ txdav/base/datastore/dbapiclient.py	(working copy)
@@ -218,7 +218,7 @@
             else:
                 self.port = None
             self.host = None
-        elif self.endpoint.startswith("tcp:"):
+        elif self.endpoint.startswith("tcp:") or self.endpoint.startswith("tcps:"):
             self.unixsocket = None
             self.host = self.endpoint[4:]
             if ":" in self.host:
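
Review bot: The context line `self.host = self.endpoint[4:]` still assumes the 4-character `tcp:` prefix, so for a `tcps:` endpoint the host keeps a leading colon and the following `if ":" in self.host:` test is always true. Strip the prefix by its actual length (5 for `tcps:`), for example by handling `tcps:` in its own branch or slicing at the length of the matched prefix. The visible lines also do not record that `tcps:` was requested, so consider setting a flag here that the connect call can use to ask for TLS; as written the new scheme is accepted but handled the same as `tcp:`.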

However, in trying to test this, I realized that we don't build postgres with SSL support. When I added "--with-openssl" to the PG configure args (in bin/_build.sh), it blows up on me because my OS vendor totally doesn't ship openssl headers, and I'm not trying to solve that right now... but maybe I can get it going via Homebrew. In the meantime, feel free to try the above patch and let me know if it 'just works' :)

-dre