Re: improve ssl error code, 2147483650 - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: improve ssl error code, 2147483650
Date
Msg-id 61B1CFBD-14F8-4ECE-816E-6618FD68781C@yesql.se
Whole thread Raw
In response to Re: improve ssl error code, 2147483650  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: improve ssl error code, 2147483650
List pgsql-hackers
> On 7 Mar 2024, at 20:58, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> I wrote:
>> Stephen Frost <sfrost@snowman.net> writes:
>>> Agreed that it doesn't seem well documented.  I was trying to figure out
>>> what the 'right' answer here was myself and not having much success.  If
>>> the above works, then +1 to that.
>
>> My reaction as well --- I was just gearing up to test this idea,
>> unless one of you are already on it?
>
> I've confirmed that this:
>
> diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
> index e12b1cc9e3..47eee4b59d 100644
> --- a/src/backend/libpq/be-secure-openssl.c
> +++ b/src/backend/libpq/be-secure-openssl.c
> @@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode)
>     errreason = ERR_reason_error_string(ecode);
>     if (errreason != NULL)
>         return errreason;
> +#ifdef ERR_SYSTEM_ERROR
> +    if (ERR_SYSTEM_ERROR(ecode))
> +        return strerror(ERR_GET_REASON(ecode));
> +#endif
>     snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode);
>     return errbuf;
> }
>
> seems to be enough to fix the problem on OpenSSL 3.1.1.  The #ifdef
> is needed to avoid compile failure against OpenSSL 1.1.1 --- but that
> version doesn't have the problem, so we don't need to sweat.

This was introduced in OpenSSL 3.0.0 so that makes sense.  Pre-3.0.0 versions
truncates system errorcodes that was outside of the range 1..127 reserving the
rest for OpenSSL specific errors.  To capture the full range possible of system
errors the code is no longer truncated and the ERR_SYSTEM_FLAG flag is set,
which can be tested for with the macro used here.

> This could probably do with a comment, and we need to propagate
> the fix into libpq's copy of the function too.  Barring objections,
> I'll take care of that and push it later today.

LGTM.

--
Daniel Gustafsson




pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: improve ssl error code, 2147483650
Next
From: Alena Rybakina
Date:
Subject: Re: POC, WIP: OR-clause support for indexes