Re: [HACKERS] Error-like LOG when connecting with SSL for password authentication - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: [HACKERS] Error-like LOG when connecting with SSL for password authentication
Date
Msg-id CAB7nPqT+9L2HekPT8xeJH2Xv3zXogePMwtq=BqrQs8J-RPzpAg@mail.gmail.com
In response to Re: [HACKERS] Error-like LOG when connecting with SSL for password authentication (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers
On Tue, May 23, 2017 at 6:36 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> On 05/22/2017 10:11 PM, Vaishnavi Prabakaran wrote:
>>
>> On Mon, May 22, 2017 at 5:10 PM, Michael Paquier
>> <michael.paquier@gmail.com>
>> wrote:
>>
>>> If the protocol version is SSL
>>> 3.0 or TLS 1.0, this result code is returned only if a closure alert
>>> has occurred in the protocol, i.e. if the connection has been closed
>>> cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does not
>>> necessarily indicate that the underlying transport has been closed.
>>
>>
>> I guess this error code exists even for SSL2 protocol. In that case, don't
>> we need to keep the current code for this error code?
>
> If I understand correctly, with SSLv2, SSL_ERROR_ZERO_RETURN does mean that
> the underlying transport has been closed. Returning 0 seems appropriate in
> that case, too.

Am I reading the docs incorrectly then? I understand that with SSLv2
the transport may not be closed after SSL_ERROR_ZERO_RETURN.

> But the point is moot anyway, because PostgreSQL doesn't allow SSLv2
> anymore.

And SSL_OP_NO_SSLv2 is enforced anyway.

Side note.. Looking at the openssl docs, I am just noticing that
SSLv23_method has been marked as deprecated in 1.1.0:
https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
And has been replaced by TLS_method. Something to keep in mind.
-- 
Michael


