Invalid SSL mode for remote PostgreSQL connection
Question
For context:
- Using a Azure cloud instance of a PostGRES database.
- Using RHEL7 with openssl and openssl-dev installed.
- Using python2.7.
- I can import SSL in python2.7 shell without issue.
- I can connect to a locally hosted PostGRES database using psycopg2 without issue.
When I try connecting to the remote database using sslmode='require' I receive an OperationalError that sslmode value "require" invalid when SSL support is not compiled in. Looking at the SSL settings for the PostGRES instance in Azure, I see that the SSL mode is "prefer", however if I try to use that for the psycopg2 connection, I'm told that a SSL connection is required.
For the record, I have no issue connecting to this remote database using python3.7 from a Windows 10 machine. This leads me to believe that there isn't some configuration issue with the remote instance, and that the issue lies somewhere in RHEL7 and python2.7. Has anyone else ran into this issue?
edit: Pyscopg2 was installed in a virtual environment using 'pip install psycopg2'
1 answers
solution1
0 2019-12-13 22:11:55
I can import SSL in python2.7 shell without issue.
SSL support for a PostgreSQL connection needs to come from libpq (which is what psycopg2 uses to establish and manage the database connection). Being able to load an SSL module at the python level won't help, as it can't stitch that module together with libpq. So it seems you somehow managed to install a libpq compiled without SSL support. I don't know how you did that. Can you show us how you installed psycopg2 and its dependencies?
Looking at the SSL settings for the PostGRES instance in Azure, I see that the SSL mode is "prefer",
"prefer" is a setting for clients. There is no such setting on the server side. The server can allow SSL, or can demand SSL. If it allows but does not demand, then it is up to the client to decide what to do.
however if I try to use that for the psycopg2 connection, I'm told that a SSL connection is required.
The server demands SSL. The client is unable to comply, because it does not have support for it compiled in.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.