Re: [BUGS] BUG #2724: Could not check connection status with "ssl=on" - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: [BUGS] BUG #2724: Could not check connection status with "ssl=on"
Date
Msg-id 200702140404.l1E44YA12283@momjian.us
Responses Re: Re: [BUGS] BUG #2724: Could not check connection status with "ssl=on"
List pgsql-patches
Based on this report, I have developed the attached patch.  Is this OK?

The idea is not to call SSL_shutdown() if errno == ECONNRESET.

---------------------------------------------------------------------------

Алексей Заяц wrote:
> Hi.
>
> > I would argue that this is an OpenSSL bug: it should not be trying to
> > write on a connection that it knows perfectly well is already dead.
> > (It should know that, anyway, because the only way that pqReadData would
> > be trying to close the connection is that it got an error indication
> > from OpenSSL.)
> Maybe, maybe...
>
> > Possibly we could work around the problem by disabling SIGPIPE during
> > connection close, but I don't really see why we should have to do that.
> While taking a look at the source of libpq, I discovered the following:
> while reading from the pipe, you are getting
>     case SSL_ERROR_ZERO_RETURN:
>                 SOCK_ERRNO_SET(ECONNRESET);
> but why do you not check
> SOCK_ERRNO != ECONNRESET
> while closing the SSL connection?
>
> I tried this and everything works fine.
>
> In function close_SSL you call SSL_shutdown to shut down the SSL pipe.
> But if you have already got ECONNRESET (by peer?), why do you call this function?
>
> From the OpenSSL docs:
> SSL_shutdown  - shuts down an active TLS/SSL connection. It sends the ``close
> notify'' shutdown alert to the peer.
>
> That's why I got SIGPIPE.
>
> > That's pretty much a waste of time, because all it tells you is whether
> > the connection was good the last time a query was done.  It is *not*
> > intended as an active "ping".
> OK, I'll keep it in mind.
>
> Alexey Zayats.

--
  Bruce Momjian  <bruce@momjian.us>          http://momjian.us
  EnterpriseDB                               http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
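
The alternative raised in the quoted discussion, disabling SIGPIPE during connection close, shown as an added C example that is not code from this thread or from libpq. The names guarded_final_write and demo_dead_peer are hypothetical, and a plain write() on a socketpair stands in for the close notify alert that SSL_shutdown sends.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not libpq code: do a final write with SIGPIPE blocked so
 * a dead peer yields EPIPE instead of killing the process. Returns 0 or errno.
 * Single-threaded sketch; a threaded program would use pthread_sigmask(). */
int guarded_final_write(int fd, const void *buf, size_t len)
{
    sigset_t pipe_set, old_set, pending;
    int was_pending, sig, err = 0;
    sigemptyset(&pipe_set);
    sigaddset(&pipe_set, SIGPIPE);
    if (sigprocmask(SIG_BLOCK, &pipe_set, &old_set) != 0)
        return errno;
    sigpending(&pending);        /* was a SIGPIPE already queued before us? */
    was_pending = sigismember(&pending, SIGPIPE);
    if (write(fd, buf, len) < 0)
        err = errno;

    /* Consume only the SIGPIPE raised by our own write, then restore the mask. */
    sigpending(&pending);
    if (err == EPIPE && !was_pending && sigismember(&pending, SIGPIPE))
        sigwait(&pipe_set, &sig);
    sigprocmask(SIG_SETMASK, &old_set, NULL);
    return err;
}

/* Constructed scenario: a socketpair whose far end has already been closed. */
int demo_dead_peer(void)
{
    int sv[2], err;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    close(sv[1]);                /* the peer goes away first */
    err = guarded_final_write(sv[0], "bye", 3);
    close(sv[0]);
    return err;                  /* EPIPE, and the process is still running */
}

int main(void)
{
    printf("final write to dead peer: errno %d\n", demo_dead_peer());
    return 0;
}
```

This approach does not depend on which errno value an earlier read left behind, so it covers a peer that disappears between the last read and the close.
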
Index: src/interfaces/libpq/fe-secure.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v
retrieving revision 1.92
diff -c -c -r1.92 fe-secure.c
*** src/interfaces/libpq/fe-secure.c    8 Feb 2007 11:10:27 -0000    1.92
--- src/interfaces/libpq/fe-secure.c    14 Feb 2007 04:00:36 -0000
***************
*** 976,982 ****
  {
      if (conn->ssl)
      {
!         SSL_shutdown(conn->ssl);
          SSL_free(conn->ssl);
          conn->ssl = NULL;
      }
--- 976,983 ----
  {
      if (conn->ssl)
      {
!         if (SOCK_ERRNO != ECONNRESET)
!             SSL_shutdown(conn->ssl);
          SSL_free(conn->ssl);
          conn->ssl = NULL;
      }
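
Review bot: The new test `if (SOCK_ERRNO != ECONNRESET)` in close_SSL relies on the errno-style value still holding what the failed read stored, so any socket call made between that read and the close can overwrite it and let SSL_shutdown run on the dead connection, and a stale ECONNRESET left by an earlier call would suppress the close notify alert on a connection that is still healthy. It also covers only ECONNRESET; a connection that is dead for another reason, such as EPIPE, still reaches SSL_shutdown and can raise SIGPIPE. Consider recording the dead-connection state in conn at the point where SSL_ERROR_ZERO_RETURN is handled and testing that here, or blocking SIGPIPE around the SSL_shutdown call as suggested earlier in the thread. Either way, the condition needs a comment explaining why the shutdown is skipped.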
