Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux - Mailing list pgsql-general

From Tom Lane
Subject Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux
Date
Msg-id 44344.1434739320@sss.pgh.pa.us
Whole thread Raw
In response to Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux  (Douglas Stetner <stetner@icloud.com>)
List pgsql-general
Douglas Stetner <stetner@icloud.com> writes:
> On 18 Jun 2015, at 02:06 , Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Douglas Stetner <stetner@icloud.com> writes:
>>> Looking for confirmation there is an issue with pg_dump failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64
onredhat linux. 

>> Quick thought --- did you restart the Postgres service after upgrading
>> openssl?  If not, your server is still using the old library version,
>> while pg_dump would be running the new version on the client side.
>> I don't know exactly what was done to openssl in the last round of
>> revisions, but maybe there is some sort of version compatibility issue.
>>
>> Also, you really ought to be running something newer than PG 8.4.9.

> Thanks for the reply Tom.  Unfortunately restart did not help.  Will try
> an upgrade to 8.4.20 (other software depends on 8.4.x) A remote client
> with 8.4.20 works, so fingers crossed.

Hm.  The only possibly SSL-relevant patch I see in the 8.4 git history is
this:

Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master Release: REL9_4_BR [74242c23c] 2013-12-05 12:48:28 -0500
Branch: REL9_3_STABLE Release: REL9_3_3 [2a6e1a554] 2013-12-05 12:48:31 -0500
Branch: REL9_2_STABLE Release: REL9_2_7 [41042970b] 2013-12-05 12:48:35 -0500
Branch: REL9_1_STABLE Release: REL9_1_12 [ad910ccdc] 2013-12-05 12:48:37 -0500
Branch: REL9_0_STABLE Release: REL9_0_16 [36352ceb4] 2013-12-05 12:48:41 -0500
Branch: REL8_4_STABLE Release: REL8_4_20 [7635dae55] 2013-12-05 12:48:44 -0500

    Clear retry flags properly in replacement OpenSSL sock_write function.

    Current OpenSSL code includes a BIO_clear_retry_flags() step in the
    sock_write() function.  Either we failed to copy the code correctly, or
    they added this since we copied it.  In any case, lack of the clear step
    appears to be the cause of the server lockup after connection loss reported
    in bug #8647 from Valentine Gogichashvili.  Assume that this is correct
    coding for all OpenSSL versions, and hence back-patch to all supported
    branches.

    Diagnosis and patch by Alexander Kukushkin.

Although the problem that was reported at the time isn't much like yours,
it's possible that this missing step has additional effects with the
latest openssl version; so it's certainly worth trying.

Whether this fixes your immediate issue or not, you really ought to be
using the last available 8.4.x version, which is 8.4.22.

            regards, tom lane


pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: Postgresql 9.2 has standby server lost data?
Next
From: Tom Lane
Date:
Subject: Re: Postgres SIGALRM timer