Re: Bug #838: SSL problems in 7.3 - Mailing list pgsql-bugs

From Bruce Momjian
Subject Re: Bug #838: SSL problems in 7.3
Date
Msg-id 200212141845.gBEIjhU01748@candle.pha.pa.us
In response to Re: Bug #838: SSL problems in 7.3  (Nathan Mueller <nmueller@cs.wisc.edu>)
List pgsql-bugs
I checked through the rest of the SSL code and caught a few more cases.

The strange part here is that COMMERROR is for cases where the client
might not exist, and obviously you are seeing that.  The problem is that
these errors can happen when the client _does_ exist too.  Not sure how
to handle that, but let me get this fix in now.

Attached patch applied to HEAD and 7.3.X.  Thanks.

---------------------------------------------------------------------------

Nathan Mueller wrote:
> Ok, I think I've gotten this figured out now.  I saw this comment in pqcomm.c,
> switched the ERROR logs to COMMERROR logs and it all works.  I've attached a
> patch to be-secure.c that fixes all my problems.  Hopefully this is the right fix.
>
>                   --Nate
>
> /*
>  * Careful: an elog() that tries to write to the client would
>  * cause recursion to here, leading to stack overflow and core
>  * dump!  This message must go *only* to the postmaster log.
>  */
>

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
Index: be-secure.c
===================================================================
RCS file: /cvsroot/pgsql-server/src/backend/libpq/be-secure.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -c -c -r1.18 -r1.19
*** be-secure.c    13 Dec 2002 05:51:29 -0000    1.18
--- be-secure.c    14 Dec 2002 18:39:14 -0000    1.19
***************
*** 11,17 ****
   *
   *
   * IDENTIFICATION
!  *      $Header: /cvsroot/pgsql-server/src/backend/libpq/be-secure.c,v 1.18 2002/12/13 05:51:29 momjian Exp $
   *
   *      Since the server static private key ($DataDir/server.key)
   *      will normally be stored unencrypted so that the database
--- 11,17 ----
   *
   *
   * IDENTIFICATION
!  *      $Header: /cvsroot/pgsql-server/src/backend/libpq/be-secure.c,v 1.19 2002/12/14 18:39:14 momjian Exp $
   *
   *      Since the server static private key ($DataDir/server.key)
   *      will normally be stored unencrypted so that the database
***************
*** 289,298 ****
                  break;
              case SSL_ERROR_SYSCALL:
                  if (n == -1)
!                     elog(ERROR, "SSL SYSCALL error: %s", strerror(errno));
                  break;
              case SSL_ERROR_SSL:
!                 elog(ERROR, "SSL error: %s", SSLerrmessage());
                  /* fall through */
              case SSL_ERROR_ZERO_RETURN:
                  secure_close(port);
--- 289,298 ----
                  break;
              case SSL_ERROR_SYSCALL:
                  if (n == -1)
!                     elog(COMMERROR, "SSL SYSCALL error: %s", strerror(errno));
                  break;
              case SSL_ERROR_SSL:
!                 elog(COMMERROR, "SSL error: %s", SSLerrmessage());
                  /* fall through */
              case SSL_ERROR_ZERO_RETURN:
                  secure_close(port);
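Review bot: In the SSL_ERROR_SSL arm at 289-298, `elog(COMMERROR, ...)` returns to the caller where `elog(ERROR, ...)` did not, so the `/* fall through */` into `secure_close(port)` becomes a live path, while the SSL_ERROR_SYSCALL arm just above it only does `break` and never reaches `secure_close(port)`. Please confirm that the value left in `n` on each path tells the caller the connection is unusable, and add a comment explaining why one arm closes and the other does not. The SYSCALL arm also logs nothing when `n` is not -1, so that failure leaves no trace in the postmaster log.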
***************
*** 339,348 ****
                  break;
              case SSL_ERROR_SYSCALL:
                  if (n == -1)
!                     elog(ERROR, "SSL SYSCALL error: %s", strerror(errno));
                  break;
              case SSL_ERROR_SSL:
!                 elog(ERROR, "SSL error: %s", SSLerrmessage());
                  /* fall through */
              case SSL_ERROR_ZERO_RETURN:
                  secure_close(port);
--- 339,348 ----
                  break;
              case SSL_ERROR_SYSCALL:
                  if (n == -1)
!                     elog(COMMERROR, "SSL SYSCALL error: %s", strerror(errno));
                  break;
              case SSL_ERROR_SSL:
!                 elog(COMMERROR, "SSL error: %s", SSLerrmessage());
                  /* fall through */
              case SSL_ERROR_ZERO_RETURN:
                  secure_close(port);
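Review bot: The switch arms at 339-348 are line-for-line the same as those at 289-298, down to the message strings "SSL SYSCALL error: %s" and "SSL error: %s", so a postmaster log entry cannot show which of the two call sites failed. Suggest giving each site a distinguishing message, or moving the shared error handling into one helper so that a later change of log level cannot miss one copy.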
***************
*** 678,684 ****
          !SSL_set_fd(port->ssl, port->sock) ||
          SSL_accept(port->ssl) <= 0)
      {
!         elog(ERROR, "failed to initialize SSL connection: %s", SSLerrmessage());
          close_SSL(port);
          return -1;
      }
--- 678,684 ----
          !SSL_set_fd(port->ssl, port->sock) ||
          SSL_accept(port->ssl) <= 0)
      {
!         elog(COMMERROR, "failed to initialize SSL connection: %s", SSLerrmessage());
          close_SSL(port);
          return -1;
      }
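Review bot: The failure branch at 678-684 reports every failure through `SSLerrmessage()`, whereas the hunks at 289 and 339 separate SSL_ERROR_SYSCALL (reported with `strerror(errno)`) from SSL_ERROR_SSL. The visible `||` chain also folds `SSL_set_fd` and `SSL_accept` into one condition, so the single message "failed to initialize SSL connection" does not say which call failed or whether the cause was a system call error. Suggest examining the SSL error code for the `SSL_accept` result here as the other two sites do. Since a COMMERROR message goes only to the postmaster log, `return -1` is now the only signal the caller receives, which deserves a comment at this site.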
