[Pkg-postgresql-public] Bug#819178: pgbouncer_1.7.2 from pgdg fails with "FATAL TLS setup failed: ssl verify setup failure"

Glyn Astill glyn.astill at seetickets.com
Thu Mar 24 14:30:38 UTC 2016 

Package: pgbouncer
Version: 1.7.2-1.pgdg80+1
Severity: important

Dear Maintainer,

Pgbouncer 1.7.2 on amd64 from apt.postgresql.org appears to fail to start when allowing tls connections with the error "FATAL TLS setup failed: ssl verify setup failure".  If client_tls_sslmode is set to disable then pgbouncer starts as usual.

If the source of the package is pulled and built the issue goes away and pgbouncer starts with client tls connections enabled.

Answers to template questions:

   Q: What led up to the situation?
   A: Installed amd64 binary pgbouncer 1.7.2 from jessie-pgd and configured for tls connections as follows:

	client_tls_sslmode = allow
	client_tls_key_file = /var/ssl_certs/server.key
	client_tls_cert_file = /var/ssl_certs/server.crt
	client_tls_protocols = secure
	client_tls_ciphers = secure
	server_tls_sslmode = allow
	server_tls_protocols = secure
	server_tls_ciphers = secure

      Pgbouncer fails to start with uninformative error:
	"FATAL TLS setup failed: ssl verify setup failure"

   Q: What exactly did you do (or not do) that was effective (or
     ineffective)?
   A: Pulled the source for the package and installed as follows:

	apt-get -t jessie-pgdg source pgbouncer
	cd pgbouncer-1.7.2
	dpkg-buildpackage -us -uc
	dpkg -i pgbouncer_1.7.2-1.pgdg80+1_amd64.deb

   Q: What was the outcome of this action?
   A: The issue went away and pgbouncer starts with tls enabled.

   Q: What outcome did you expect instead?
   A: I expected some sort of issue with certificates, but it appers to be something to do with the binary package only.


-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pgbouncer depends on:
ii  libc6              2.19-18+deb8u3
ii  libevent-2.0-5     2.0.21-stable-2
ii  libssl1.0.0        1.0.1k-3+deb8u4
ii  lsb-base           4.1+Debian13+nmu1
ii  postgresql-common  172.pgdg80+1

pgbouncer recommends no packages.

Versions of packages pgbouncer suggests:
ii  python           2.7.9-1
pn  python-psycopg2  <none>

-- Configuration Files:
/etc/init.d/pgbouncer changed [not included]
/etc/pgbouncer/pgbouncer.ini [Errno 13] Permission denied: u'/etc/pgbouncer/pgbouncer.ini'
/etc/pgbouncer/userlist.txt [Errno 13] Permission denied: u'/etc/pgbouncer/userlist.txt'

-- no debconf information

More information about the Pkg-postgresql-public mailing list