Error: received unencrypted data after SSL request

Question

I have opened a TCP connection with the database server using:

	conn, err := net.Dial("tcp", "localhost:5432")

That succeeds; after that I am running this piece of code:

	_, err = conn.Write([]byte(query))
	if err != nil {
		fmt.Printf("Query failed: %v\n", err)
		return
	}

	// Read the response and print the result in table view
	buf := make([]byte, 50000)
	n, err := conn.Read(buf)
	if err != nil {
		fmt.Printf("Failed to read response: %v\n", err)
		return
	}
	fmt.Printf("Response received: %s\n", string(buf[:n]))

It prints:
Response received: N

And the server's log file says:

2023-02-22 22:59:49.834 PKT [54802] FATAL: received unencrypted data after SSL request

2023-02-22 22:59:49.834 PKT [54802] DETAIL: This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.

Answer 1

Score: 1

The PostgreSQL server demands by default that all its clients use an SSL-encrypted connection, so it will always reject your requests.

For testing/dev purposes, and being aware that your connection will be unsafe, you can work around this with some tricks:

  1. Create a connection with the TLS package and allow it to skip certificate verification.

      // InsecureSkipVerify turns off certificate verification
      tlsConfig := &tls.Config{
          InsecureSkipVerify: true,
      }

      conn, err := tls.Dial("tcp", "localhost:5432", tlsConfig)

  2. If you can, always use the database/sql package; it abstracts all those database vendor specifics for you. Set the sslmode to disable.

      // the "postgres" driver must be registered, e.g. import _ "github.com/lib/pq"
      connStr := "user=myuser password=mypassword dbname=mydb host=localhost sslmode=disable"
      db, err := sql.Open("postgres", connStr)
      if err != nil {
          fmt.Printf("Failed to connect to server: %v\n", err)
          return
      }
      defer db.Close()

  3. Find the pg_hba.conf file in your PostgreSQL installation data directory and add the following line to always trust your local host:

      host    postgres   postgres   127.0.0.1/32    trust

     Assuming the username is postgres.

  4. Find the postgres.conf file in your PostgreSQL installation data directory and set the ssl parameter to off.

Remember that all those are configurations that will still leave your connection unsafe and prone to attacks.

To properly create your connection with SSL you need to set up your certificates. This GIST should help.
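
An added example, not code from the question or the answer: PostgreSQL negotiates TLS in-band, so a raw-socket client sends the 8-byte SSLRequest, reads a one-byte reply ('S' or 'N'), and only then starts a verified TLS handshake. Any other bytes sent before that handshake are what the server logs as "received unencrypted data after SSL request". The function names, the in-memory peer in main and the ServerName "localhost" are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
)

var errTLSRefused = errors.New("server answered 'N' to SSLRequest; not continuing in plaintext")

// sslRequest builds the 8-byte SSLRequest: Int32 length (8) + Int32 request code.
func sslRequest() []byte {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint32(msg[0:4], 8)
	binary.BigEndian.PutUint32(msg[4:8], 80877103) // 1234<<16 | 5679
	return msg
}

// negotiateTLS sends SSLRequest, reads the reply, then handshakes; nothing else is written before TLS.
func negotiateTLS(conn net.Conn, cfg *tls.Config) (*tls.Conn, error) {
	if _, err := conn.Write(sslRequest()); err != nil {
		return nil, err
	}
	answer := make([]byte, 1) // exactly one byte, so no TLS handshake bytes are consumed
	if _, err := io.ReadFull(conn, answer); err != nil {
		return nil, err
	}
	switch answer[0] {
	case 'S':
		tlsConn := tls.Client(conn, cfg) // cfg leaves certificate verification on
		if err := tlsConn.Handshake(); err != nil {
			return nil, err
		}
		return tlsConn, nil
	case 'N':
		return nil, errTLSRefused // fail closed instead of downgrading
	}
	return nil, fmt.Errorf("unexpected reply %q to SSLRequest", answer[0])
}

func main() {
	client, server := net.Pipe() // constructed in-memory peer that answers 'N'
	go func() { io.ReadFull(server, make([]byte, 8)); server.Write([]byte{'N'}) }()
	_, err := negotiateTLS(client, &tls.Config{ServerName: "localhost", MinVersion: tls.VersionTLS12})
	fmt.Println("negotiation result:", err)
}
```

Against a real server, pass a `tls.Config` whose `RootCAs` contains the CA that signed the server certificate and whose `ServerName` matches it.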

huangapple
  • Posted on February 23, 2023, 02:21:05
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75536713.html