On Wed, Mar 6, 2019 at 7:05 AM Thomas Munro <thomas.munro@gmail.com> wrote:
> On Wed, Mar 6, 2019 at 6:07 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Annoying. I'd be happier about writing code to fix this if I could
> > reproduce it :-(
>
> Hmm. Note that eelpout only started doing it with OpenSSL 1.1.1.
Bleugh. I think this OpenSSL package might just be buggy on ARM. On
x86, apparently the same version of OpenSSL and all other details of
the test the same, I can see that SSL_connect() returns <= 0
(failure), and then we ask for that cert revoked message directly and
never even reach the startup packet sending code. On ARM,
SSL_connect() returns 1 (success) and then we proceed as discussed and
eventually get the error later (or not). So I think I should figure
out a minimal repro and report this to them.
--
Thomas Munro
https://enterprisedb.com