Postgres Pro
Downloads
Home   >   mailing lists

Re: Support for NSS as a libpq TLS backend - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Support for NSS as a libpq TLS backend
Date
Msg-id 09DB934A-2B4B-4F1E-9DAA-C55D50F254D1@yesql.se
Whole thread Raw
In response to Re: Support for NSS as a libpq TLS backend  (Rachel Heaton <rachelmheaton@gmail.com>)
Responses Re: Support for NSS as a libpq TLS backend  (Jacob Champion <pchampion@vmware.com>)
List pgsql-hackers
Tree view 
> On 28 Sep 2021, at 01:07, Rachel Heaton <rachelmheaton@gmail.com> wrote:

> 1. I get 7 warnings while running make (truncated):
> cryptohash_nss.c:101:21: warning: implicit conversion from enumeration
> type 'SECOidTag' to different enumeration type 'HASH_HashType'

Nice catch, fixed in the attached.

> 2. libpq-refs-stamp fails -- it appears an exit is being injected into
> libpq on Mac

I spent some time investigating this, and there are two cases of _exit() and
one atexit() which are coming from the threading code in libnspr (which is the
runtime lib required by libnss).

On macOS the threading code registers an atexit handler [0] in order to work
around issues with __attribute__((destructor)) [1].  The pthreads code also
defines PR_ProcessExit [2] which does what it says on the tin, calls exit and
not much more [3].  Both of these uses are only compiled when building with
pthreads, which can be disabled in autoconf but that seems broken in recent
version of NSPR.  I'm fairly sure I've built NSPR with the user pthreads in the
past, but if packagers build it like this then we need to conform to that.  The
PR_CreateProcess() [4] call further calls _exit() [5] in a number of error
paths on failing syscalls.

The libpq libnss implementation doesn't call either of these, and neither does
libnss.

I'm not entirely sure what to do here, it clearly requires an exception in the
Makefile check of sorts if we deem we can live with this.

@Jacob: how did you configure your copy of NSPR?

--
Daniel Gustafsson        https://vmware.com/

[0] https://hg.mozilla.org/projects/nspr/file/tip/pr/src/pthreads/ptthread.c#l1034
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1399746#c99
[2] https://www-archive.mozilla.org/projects/nspr/reference/html/prinit.html#15859
[3] https://hg.mozilla.org/projects/nspr/file/tip/pr/src/pthreads/ptthread.c#l1181
[4] https://www-archive.mozilla.org/projects/nspr/reference/html/prprocess.html#24535
[5] https://hg.mozilla.org/projects/nspr/file/tip/pr/src/md/unix/uxproces.c#l268
Attachment

pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: prevent immature WAL streaming
Next
From: Dmitry Dolgov
Date:
Subject: Re: pg_stat_statements and "IN" conditions