Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connecting kong-gateway to crunchy-postgres fails with ecdsa-with-sha384: invalid digest type #9341

Closed
1 task done
wombat opened this issue Aug 30, 2022 · 5 comments · Fixed by #9815
Closed
1 task done

Connecting kong-gateway to crunchy-postgres fails with ecdsa-with-sha384: invalid digest type #9341

wombat opened this issue Aug 30, 2022 · 5 comments · Fixed by #9815
Labels
core/db core/ssl Discussions regarding SSL/TLS in Kong Gateway

Comments

@wombat
Copy link

wombat commented Aug 30, 2022
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Kong version ($ kong version)

Kong 2.8.1.2

Current Behavior

When I install the latest crunchy-postgres operator, create a postgres instance and try to connect kong-gateway to the crunchy-postgres instance, I am getting the error Error: x509.cert:digest: ecdsa-with-sha384: invalid digest type

I activated the pg_ssl setting and set pg_ssl_version to tlsv1_2

Expected Behavior

Kong should connect successfully to the crunchy-postgres instance

Steps To Reproduce

1. Install Crunchy-Postgres-Operator
2. Install a Postgres Instance using the operator
3. Create a kong installation pointing the database to the Postgres Instance from the Crunchy Operator

Anything else?

Openshift 4.10
Kong IngressController 2.5.0
Kong Helm Chart 2.11.0
@samugi samugi added core/db core/ssl Discussions regarding SSL/TLS in Kong Gateway labels Aug 30, 2022
@bungle
Copy link
Member

bungle commented Aug 31, 2022

@wombat can you switch to something else than ecdsa-with-sha384. I don't think pgmoon supports that.

@bungle
Copy link
Member

bungle commented Aug 31, 2022

@wombat there seems to be a PR though:
leafo/pgmoon#127

@wombat
Copy link
Author

wombat commented Oct 25, 2022

This seems to be hopefully fixed now upstream: leafo/pgmoon#130

Will this be included in one of the next releases?

@hanshuebner
Copy link
Contributor

Hello @wombat,

sorry for the long delay in responding. Once pgmoon 1.16 is released, we will switch Kong Gateway to use it, hopefully making this issue go away.

Kind regards,
Hans

@wombat
Copy link
Author

wombat commented Nov 23, 2022

@hanshuebner leafo was super nice and released a new version yesterday 🎉

fffonion added a commit that referenced this issue Nov 23, 2022
@fffonion
chore(deps): bump pgmoon to 1.16.0
b97dd0d 
Fix #9341
@fffonion fffonion mentioned this issue Nov 23, 2022
Merged
@gszr gszr closed this as completed in 20d7360 Nov 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core/db core/ssl Discussions regarding SSL/TLS in Kong Gateway
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(deps): bump pgmoon to 1.16.0 Kong/kong
4 participants
@hanshuebner @wombat @bungle @samugi