Re: Support for NSS as a libpq TLS backend - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Support for NSS as a libpq TLS backend
Date
Msg-id 3EEE302A-62CF-4B74-A120-DE0E9699094D@yesql.se
In response to Re: Support for NSS as a libpq TLS backend  (Joshua Brindle <joshua.brindle@crunchydata.com>)
Responses Re: Support for NSS as a libpq TLS backend
List pgsql-hackers
> On 17 Nov 2021, at 19:42, Joshua Brindle <joshua.brindle@crunchydata.com> wrote:
> On Tue, Nov 16, 2021 at 1:26 PM Joshua Brindle
> <joshua.brindle@crunchydata.com> wrote:

>> I think there is a typo in the docs here that prevents them from
>> building (this diff seems to fix it):

Ah yes, thanks, I had noticed that one but forgot to send out a new version to
make the CFBot green.

> After a bit more testing, the server is up and running with an nss
> database but before configuring the client database I tried connecting
> and got a segfault:

Interesting.  I'm unable to reproduce this crash, can you show the sequence of
commands which led to this?

> It looks like the ssl connection falls through to attempt a non-ssl
> connection but at some point conn->ssl_in_use gets set to true,
> despite pr_fd and nss_context being null.

pgtls_close missed setting ssl_in_use to false, fixed in the attached.  I've
also added some assertions to the connection setup for debugging this.

> This patch fixes the segfault but I suspect is not the correct fix,
> due to the error when connecting saying "Success":

Right, without an SSL enabled FD we should never get here.

--
Daniel Gustafsson        https://vmware.com/
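
The stale-flag failure discussed in this message, as an added example that is not code from the patch or from libpq: a simplified C model in which only the names `ssl_in_use`, `pr_fd` and `nss_context` come from the thread, and every type and function (`model_conn`, `model_close_stale`, `model_close_reset`, `model_select_read_path`, `model_fallback`) is hypothetical. It shows why a TLS teardown that frees the handles but leaves the flag set sends the non-SSL retry down the TLS path with null handles.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for a connection object (not the libpq struct). */
typedef struct {
    bool  ssl_in_use;   /* routes I/O to the TLS read/write path */
    void *pr_fd;        /* TLS-layer descriptor, NULL without a session */
    void *nss_context;  /* TLS library context, NULL without a session */
} model_conn;

enum read_path { PATH_PLAIN, PATH_TLS, PATH_INCONSISTENT };

/* Teardown that releases the TLS state but leaves the flag stale. */
static void model_close_stale(model_conn *c)
{
    c->pr_fd = NULL;
    c->nss_context = NULL;
}

/* Teardown that also clears the flag, so a plaintext retry is routed correctly. */
static void model_close_reset(model_conn *c)
{
    c->pr_fd = NULL;
    c->nss_context = NULL;
    c->ssl_in_use = false;
}

/* Pick the path the next read would take. A TLS read would dereference
 * pr_fd, so the flag-set/handle-null state is reported, not followed. */
static enum read_path model_select_read_path(const model_conn *c)
{
    if (!c->ssl_in_use)
        return PATH_PLAIN;
    if (c->pr_fd == NULL || c->nss_context == NULL)
        return PATH_INCONSISTENT;
    return PATH_TLS;
}

/* TLS attempt is set up, torn down, then the plaintext fallback reads. */
static enum read_path model_fallback(void (*close_fn)(model_conn *))
{
    int fd_token = 0, ctx_token = 0;   /* constructed placeholder handles */
    model_conn c = { true, &fd_token, &ctx_token };
    close_fn(&c);
    return model_select_read_path(&c);
}

int main(void)
{
    return (model_fallback(model_close_stale) == PATH_INCONSISTENT &&
            model_fallback(model_close_reset) == PATH_PLAIN) ? 0 : 1;
}
```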

