Re: improve ssl error code, 2147483650 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: improve ssl error code, 2147483650
Date
Msg-id 563351.1709841511@sss.pgh.pa.us
Whole thread Raw
In response to Re: improve ssl error code, 2147483650  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: improve ssl error code, 2147483650
List pgsql-hackers
I wrote:
> Stephen Frost <sfrost@snowman.net> writes:
>> Agreed that it doesn't seem well documented.  I was trying to figure out
>> what the 'right' answer here was myself and not having much success.  If
>> the above works, then +1 to that.

> My reaction as well --- I was just gearing up to test this idea,
> unless one of you are already on it?

I've confirmed that this:

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index e12b1cc9e3..47eee4b59d 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode)
     errreason = ERR_reason_error_string(ecode);
     if (errreason != NULL)
         return errreason;
+#ifdef ERR_SYSTEM_ERROR
+    if (ERR_SYSTEM_ERROR(ecode))
+        return strerror(ERR_GET_REASON(ecode));
+#endif
     snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode);
     return errbuf;
 }

seems to be enough to fix the problem on OpenSSL 3.1.1.  The #ifdef
is needed to avoid compile failure against OpenSSL 1.1.1 --- but that
version doesn't have the problem, so we don't need to sweat.

This could probably do with a comment, and we need to propagate
the fix into libpq's copy of the function too.  Barring objections,
I'll take care of that and push it later today.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Add system identifier to backup manifest
Next
From: Daniel Gustafsson
Date:
Subject: Re: improve ssl error code, 2147483650