英文:
Error: received unencrypted data after SSL request
问题
我已经使用以下代码与数据库服务器建立了一个TCP连接:
conn, err := net.Dial("tcp", "localhost:5432")
连接成功后,我运行了以下代码:
_, err = conn.Write([]byte(query))
if err != nil {
fmt.Printf("Query failed: %v\n", err)
return
// 读取响应并以表格形式打印结果
buf := make([]byte, 50000)
n, err := conn.Read(buf)
if err != nil {
fmt.Printf("Failed to read response: %v\n", err)
return
}
fmt.Printf("Response received: %s\n", string(buf[:n]))
它打印出:
Response received: N
服务器的日志文件显示:
2023-02-22 22:59:49.834 PKT [54802] FATAL: received unencrypted data after SSL request
2023-02-22 22:59:49.834 PKT [54802] DETAIL: This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.
英文:
I have opened a TCP connection with the database server using:
conn, err := net.Dial("tcp", "localhost:5432")
Which is successful after that I am running this piece of code:
_, err = conn.Write([]byte(query))
if err != nil {
fmt.Printf("Query failed: %v\n", err)
return
// Read the response and print the result in table view
buf := make([]byte, 50000)
n, err := conn.Read(buf)
if err != nil {
fmt.Printf("Failed to read response: %v\n", err)
return
}
fmt.Printf("Response received: %s\n", string(buf[:n]))
It prints:
Response received: N
And log file of server says:
2023-02-22 22:59:49.834 PKT [54802] FATAL: received unencrypted data after SSL request
2023-02-22 22:59:49.834 PKT [54802] DETAIL: This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.
答案1
得分: 1
PostgreSQL服务器默认要求所有客户端使用SSL加密连接,因此它将始终拒绝您的请求。
为了测试/开发目的,并且知道您的连接将不安全,您可以通过一些技巧解决此问题:
- 使用TLS包创建一个连接,并允许它跳过证书验证。
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
}
conn, err := tls.Dial("tcp", "localhost:5432", tlsConfig)
- 如果可能的话,始终使用
database/sql包,它将为您抽象出所有特定于数据库供应商的细节。将sslmode设置为禁用。
connStr := "user=myuser password=mypassword dbname=mydb host=localhost sslmode=disable"
db, err := sql.Open("postgres", connStr)
if err != nil {
fmt.Printf("Failed to connect to server: %v\n", err)
return
}
defer db.Close()
- 在您的PostgreSQL安装的
data目录中找到pg_hba.conf文件,并添加以下行以始终信任本地主机:
host postgres postgres 127.0.0.1/32 trust
假设用户名为postgres。
- 在您的PostgreSQL安装的
data目录中找到postgres.conf文件,并将ssl参数设置为off。
请记住,所有这些配置仍然会使您的连接不安全且容易受到攻击。
要正确创建带有SSL的连接,您需要设置您的证书。这个GIST应该会有所帮助。
英文:
The PostgreSQL server demands by default that all its clients use an SSL-encrypted connection, so it will always reject your requests.
For testing/dev purposes and aware that your connection will be unsafe, you can work around this with some tricks:
- Create a connection with the TLS package and allow it to skip the certificates verification.
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
}
conn, err := tls.Dial("tcp", "localhost:5432", tlsConfig)
- If you could, always use the
database/sqlpackage, it abstracts all those database vendor specificities to you. Set thesslmodeto disable.
connStr := "user=myuser password=mypassword dbname=mydb host=localhost sslmode=disable"
db, err := sql.Open("postgres", connStr)
if err != nil {
fmt.Printf("Failed to connect to server: %v\n", err)
return
}
defer db.Close()
- Find the
pg_hba.conffile in your PostgreSQL installationdatadirectory and add the following line to always trust your local host:
host postgres postgres 127.0.0.1/32 trust
Assuming the username is postgres
- Find the
postgres.conffile in your PostgreSQL installationdatadirectory and set thesslparameter tooff.
Remember that all those are configurations that will still leave your connection unsafe and prone to attacks.
To properly create your connection with SSL you need to set up your certificates. This GIST should help.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论