Home > mailing lists

Re: buildfarm server suddenly not talking to old SSL stacks? - Mailing list pgsql-www

From	Tom Lane
Subject	Re: buildfarm server suddenly not talking to old SSL stacks?
Date	July 17, 2018 23:04:50
Msg-id	16741.1531847090@sss.pgh.pa.us Whole thread Raw
In response to	Re: buildfarm server suddenly not talking to old SSL stacks? (Magnus Hagander <magnus@hagander.net>)
Responses	Re: buildfarm server suddenly not talking to old SSL stacks? (Alvaro Herrera <alvherre@2ndquadrant.com>) Re: buildfarm server suddenly not talking to old SSL stacks? (Magnus Hagander <magnus@hagander.net>)
List	pgsql-www

Tree view

Magnus Hagander <magnus@hagander.net> writes:
> On Tue, Jul 17, 2018 at 7:28 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> My buildfarm animals dromedary and prairiedog have been failing since
>>> around 9AM EDT on Sunday. ... Have we done something recently to create
>>> an incompatibility with old SSL stacks?

> We also changed some of the server setup so there is now a haproxy that's
> doing the SSL termination. So there is probably a slightly different
> configuration of available SSL algorithms and such as well. It might be
> either one of those two, both changes happened not too far apart on that
> day.

Hm.  Closer investigation suggests that there's something else wrong.
While, as I said, curl works for non-SSL connections:

$ curl http://buildfarm.postgresql.org/branches_of_interest.txt
REL9_3_STABLE
REL9_4_STABLE
REL9_5_STABLE
REL9_6_STABLE
REL_10_STABLE
REL_11_STABLE
HEAD

doing the same thing the way the buildfarm script does it does not work:

$ perl -MLWP::Simple -e 'LWP::Simple::getprint("http://buildfarm.postgresql.org/branches_of_interest.txt");'
500 Can't connect to buildfarm.postgresql.org:80 (No route to host)
<URL:http://buildfarm.postgresql.org/branches_of_interest.txt>

That's on dromedary's host with perl 5.10.0.  Even weirder, it
*does* work on prairiedog's host with perl 5.8.3.  I think that the
latter installation is newer and hence may have newer copies of
some CPAN-supplied modules, but I'm not sure how to debug further.

Also, on prairiedog's host, this is what I get for the https case:

$ perl -MLWP::Simple -MLWP::Protocol::https -e
'LWP::Simple::getprint("https://buildfarm.postgresql.org/branches_of_interest.txt");'
500 Can't connect to buildfarm.postgresql.org:443 <URL:https://buildfarm.postgresql.org/branches_of_interest.txt>

which isn't terribly informative but it doesn't look like an SSL
certificate failure.

I've temporarily revived prairiedog by changing its config to report
to http not https.  But dromedary is dead in the water until this
gets sorted.

BTW, Noah's AIX critters may be suffering from the same problem;
I'd have expected them to report in by now on recent HEAD changes...

            regards, tom lane

pgsql-www by date:

From: Magnus Hagander
Date: 17 July 2018, 19:23:25
Subject: Re: buildfarm server suddenly not talking to old SSL stacks?

From: Alvaro Herrera
Date: 17 July 2018, 23:08:48
Subject: Re: buildfarm server suddenly not talking to old SSL stacks?

Re: buildfarm server suddenly not talking to old SSL stacks? - Mailing list pgsql-www

Previous

Next