Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux - Mailing list pgsql-general

From Albe Laurenz
Subject Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux
Msg-id A737B7A37273E048B164557ADEF4A58B50F66FEF@ntex2010a.host.magwien.gv.at
In response to Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux  (Piotr Gackiewicz <gacek@intertele.pl>)
Responses Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux
List pgsql-general
Piotr Gackiewicz wrote:
> Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Douglas Stetner <stetner@icloud.com> writes:
>>> Looking for confirmation there is an issue with pg_dump failing after
>>> upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux.
>>
>> Quick thought --- did you restart the Postgres service after upgrading
>> openssl?  If not, your server is still using the old library version,
>> while pg_dump would be running the new version on the client side.
>> I don't know exactly what was done to openssl in the last round of
>> revisions, but maybe there is some sort of version compatibility issue.
>>
>> Also, you really ought to be running something newer than PG 8.4.9.

> I have the same problem with fresh postgresql 9.2.13.
> Started after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64
> 
> Since then pg_dump aborts after dumping circa 2GB:
> 
> pg_dump: [archiver (db)] query failed: SSL error: unexpected message
> pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor
> 
> openssl-1.0.1e-30.el6_6.11.x86_64 on both ends (connecting via localhost)
> 
> pg_dump via unix socket, without "-h localhost" - there is no problem.
> 
> Fetching 2.5 GB of such text dump via https (apache + mod_ssl +
> openssl-1.0.1e-30.el6_6.11.x86_64) => wget +
> openssl-1.0.1e-30.el6_6.11.x86_64  - there is no problem
> 
> Looks like postgresql+ssl issue.
> 
> postgres=#  select name,setting,unit from pg_settings where name ~ 'ssl' ;
>           name           |              setting              | unit
> -------------------------+-----------------------------------+------
>  ssl                     | on                                |
>  ssl_ca_file             |                                   |
>  ssl_cert_file           | server.crt                        |
>  ssl_ciphers             | ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH |
>  ssl_crl_file            |                                   |
>  ssl_key_file            | server.key                        |
>  ssl_renegotiation_limit | 524288                            | kB
> 
> 
> Any thoughts?

Maybe it has something to do with this OpenSSL bug:
http://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest

Basically, OpenSSL fails to handle application data messages during renegotiation.

I have only encountered that when using other SSL libraries together with
OpenSSL, but maybe it can also happen with only OpenSSL.

Just to make sure:
Do you have the same version of OpenSSL on both PostgreSQL client and server?

Yours,
Laurenz Albe
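
The two questions raised in this thread (was the server restarted after the OpenSSL upgrade, and do client and server run the same OpenSSL build) can be checked on Linux by looking for library mappings marked `(deleted)` in `/proc/<pid>/maps`. This is an added example, not part of the original message; the function names and the sample maps lines (addresses, inode numbers, paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map an OpenSSL library which has
# been replaced on disk by a package upgrade (i.e. not restarted since).

# stale_ssl_libs: reads /proc/<pid>/maps-format text on stdin and prints the
# path of each libssl/libcrypto mapping the kernel marks "(deleted)",
# one per line, de-duplicated. Prints nothing if no such mapping exists.
stale_ssl_libs() {
    awk '
        # Field 6 is the pathname; a replaced file ends with "(deleted)".
        $6 ~ /\/lib(ssl|crypto)\.so/ && $NF == "(deleted)" {
            if (!seen[$6]++) print $6
        }
    '
}

# check_pid: run the check on a live process.
# Returns 0 = current libraries, 1 = stale mapping found, 2 = maps unreadable.
check_pid() {
    maps="/proc/$1/maps"
    [ -r "$maps" ] || { echo "cannot read $maps" >&2; return 2; }
    stale=$(stale_ssl_libs < "$maps")
    [ -z "$stale" ] && return 0
    echo "pid $1 still maps replaced libraries:" >&2
    echo "$stale" >&2
    return 1
}

# Constructed sample: a server started before the upgrade (old inode unlinked).
SAMPLE_STALE='7f1c2a400000-7f1c2a462000 r-xp 00000000 fd:00 1312 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2a462000-7f1c2a661000 ---p 00062000 fd:00 1312 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2a000000-7f1c2a1b5000 r-xp 00000000 fd:00 1310 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f1c29c00000-7f1c29d8a000 r-xp 00000000 fd:00 1200 /lib64/libc-2.12.so'

# Constructed sample: a process started after the upgrade.
SAMPLE_CLEAN='7f1c2a400000-7f1c2a462000 r-xp 00000000 fd:00 2044 /usr/lib64/libssl.so.1.0.1e
7f1c2a000000-7f1c2a1b5000 r-xp 00000000 fd:00 2040 /usr/lib64/libcrypto.so.1.0.1e'

# Demo on the constructed data: prints the two stale library paths.
printf '%s\n' "$SAMPLE_STALE" | stale_ssl_libs
```

On a real host, call `check_pid` with the postmaster PID (root or the postgres user is needed to read its maps); a non-zero result of 1 means the server has not been restarted since the library was replaced.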
