Home > Uncategorized > bucardo and ssl

bucardo and ssl

bucardo uses DBD:Pg to communicate with postgresql.

Therefore the parameters for ssl to be used with bucardo are on the scale of a DB (can be set with bucardo_ctl), and the extra settings are described in DBD::Pg (*/DBD/Pg.pm).

If a parameter is not given, the connect() method will first look for
specific environment variables, and then fall back to hard-coded defaults:

  parameter    environment variable    hard coded default
  host         PGHOST                  local domain socket
  hostaddr     PGHOSTADDR              local domain socket
  port         PGPORT                  5432
  dbname*      PGDATABASE              current userid
  username     PGUSER                  current userid
  password     PGPASSWORD              (none)
  options      PGOPTIONS               (none)
  service      PGSERVICE               (none)
  sslmode      PGSSLMODE               (none)

And there are four methods of using SSL:

There are four valid arguments to the I<sslmode> parameter, which controls
whether to use SSL to connect to the database:

* disable: SSL connections are never used
* allow: try non-SSL, then SSL
* prefer: try SSL, then non-SSL
* require: connect only with SSL

I’m not sure when DBD::Pg rejects a certificate, or how to configure it to reject and untrusted certificate.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: