Piotr Gackiewicz wrote:
> Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Douglas Stetner <stetner@icloud.com> writes:
>>> Looking for confirmation there is an issue with pg_dump failing after
>>> upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux.
>>
>> Quick thought --- did you restart the Postgres service after upgrading
>> openssl? If not, your server is still using the old library version,
>> while pg_dump would be running the new version on the client side.
>> I don't know exactly what was done to openssl in the last round of
>> revisions, but maybe there is some sort of version compatibility issue.
>>
>> Also, you really ought to be running something newer than PG 8.4.9.
> I have the same problem with fresh postgresql 9.2.13.
> Started after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64
>
> Since then pg_dump aborts after dumping circa 2GB:
>
> pg_dump: [archiver (db)] query failed: SSL error: unexpected message
> pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor
>
> openssl-1.0.1e-30.el6_6.11.x86_64 on both ends (connecting via localhost)
>
> pg_dump via unix socket, without "-h localhost" - there is no problem.
>
> Fetching 2.5 GB of such text dump via https (apache + mod_ssl +
> openssl-1.0.1e-30.el6_6.11.x86_64) => wget +
> openssl-1.0.1e-30.el6_6.11.x86_64 - there is no problem
>
> Looks like postgresql+ssl issue.
>
> postgres=# select name,setting,unit from pg_settings where name ~ 'ssl' ;
> name | setting | unit
> -------------------------+-----------------------------------+------
> ssl | on |
> ssl_ca_file | |
> ssl_cert_file | server.crt |
> ssl_ciphers | ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH |
> ssl_crl_file | |
> ssl_key_file | server.key |
> ssl_renegotiation_limit | 524288 | kB
>
>
> Any thoughts?
Maybe it has something to do with this OpenSSL bug:
http://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest
Basically, OpenSSL fails to handle application data messages during renegotiation.
I have only encountered that when using other SSL libraries together with
OpenSSL, but maybe it can also happen with only OpenSSL.
Just to make sure:
Do you have the same version of OpenSSL on both PostgreSQL client and server?
Yours,
Laurenz Albe