Psycopg2 - PGBouncer - Postgresql > Server does not support SSL but SSL was required
https://dba.stackexchange.com/questions/174205
-
07-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've setup my Django application to use SSL while connecting to the Postgresql database via pgbouncer. I'm using Psycopg2 library.
I've done this before successfully, so I just did the same steps again.
But! After installing certificates to both servers and clients and making the installations, when I tried to run my application, I've got the error:
django.db.utils.OperationalError: server does not support SSL, but SSL was required
When I entered the command
psql --set=sslmode=verify-full -h DBHOST -p DBPORT -U USERNAME DBNAME
I can successfully connect to database by entering my password
But when I write the command like this;
psql "sslmode=verify-full host=DBHOST dbname=DBNAME port=DBPORT user=USERNAME"
or when I entered the code from python shell
import psycopg2
conn = psycopg2.connect(database='DBNAME', user='DBUSER', password='DBPASS', host='DBHOST', port='DBPORT', sslmode='verify-full')
I got the stack trace;
/virtual_environment_path/local/lib/python2.7/site-packages/psycopg2/__init__.pyc in connect(dsn, connection_factory, cursor_factory, **kwargs)
128
129 dsn = _ext.make_dsn(dsn, **kwargs)
--> 130 conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
131 if cursor_factory is not None:
132 conn.cursor_factory = cursor_factory
OperationalError: server does not support SSL, but SSL was required
What may be the problem? I've compared the installated packages between previous installation which is succesful, versions of packages, certificates, file permissions etc. But I'm stuck in this issue.
Thank you very much for your help.
Solution 2
This may be the most silly answer, but when I changed my pgbouncer file, it worked like a charm.
client_tls_sslmode = verify-full
client_tls_key_file = /var/lib/postgresql/9.5/main/server.key
client_tls_cert_file = /var/lib/postgresql/9.5/main/server.crt
client_tls_ca_file = /var/lib/postgresql/9.5/main/rootCA.crt
part was just after the [databases] part, I moved it to authentication settings part, and it worked.
OTHER TIPS
The reason that this command worked:
psql --set=sslmode=verify-full -h DBHOST -p DBPORT -U USERNAME DBNAME
Is that --set just creates a user-defined variable inside the psql program with the name of 'sslmode'. That name is not special to psql, it does nothing with your connection options and you just connect without ssl.
