Home > mailing lists

Re: Rare SSL failures on eelpout - Mailing list pgsql-hackers

From	Thomas Munro
Subject	Re: Rare SSL failures on eelpout
Date	March 5, 2019 21:59:25
Msg-id	CA+hUKGK9LARF-XF3g1Pxx3oEQawXXeLa+uAXF9NMjaYv+=73Jw@mail.gmail.com Whole thread Raw
In response to	Re: Rare SSL failures on eelpout (Thomas Munro <thomas.munro@gmail.com>)
Responses	Re: Rare SSL failures on eelpout
List	pgsql-hackers

Tree view

On Wed, Mar 6, 2019 at 7:05 AM Thomas Munro <thomas.munro@gmail.com> wrote:
> On Wed, Mar 6, 2019 at 6:07 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Annoying.  I'd be happier about writing code to fix this if I could
> > reproduce it :-(
>
> Hmm.  Note that eelpout only started doing it with OpenSSL 1.1.1.

Bleugh.  I think this OpenSSL package might just be buggy on ARM.  On
x86, apparently the same version of OpenSSL and all other details of
the test the same, I can see that SSL_connect() returns <= 0
(failure), and then we ask for that cert revoked message directly and
never even reach the startup packet sending code.  On ARM,
SSL_connect() returns 1 (success) and then we proceed as discussed and
eventually get the error later (or not).  So I think I should figure
out a minimal repro and report this to them.

-- 
Thomas Munro
https://enterprisedb.com

pgsql-hackers by date:

From: "Bossart, Nathan"
Date: 05 March 2019, 21:49:56
Subject: Re: New vacuum option to do only freezing

From: legrand legrand
Date: 05 March 2019, 22:13:09
Subject: Re: any plan to support shared servers like Oracle in PG?

Re: Rare SSL failures on eelpout - Mailing list pgsql-hackers

Previous

Next