Re: buildfarm server suddenly not talking to old SSL stacks? - Mailing list pgsql-www

Magnus Hagander <magnus@hagander.net> writes:
> On Tue, Jul 17, 2018 at 7:28 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> My buildfarm animals dromedary and prairiedog have been failing since
>>> around 9AM EDT on Sunday. ... Have we done something recently to create
>>> an incompatibility with old SSL stacks?

> We also changed some of the server setup so there is now a haproxy that's
> doing the SSL termination. So there is probably a slightly different
> configuration of available SSL algorithms and such as well. It might be
> either one of those two, both changes happened not too far apart on that
> day.

Hm.  Closer investigation suggests that there's something else wrong.
While, as I said, curl works for non-SSL connections:

$ curl http://buildfarm.postgresql.org/branches_of_interest.txt
REL9_3_STABLE
REL9_4_STABLE
REL9_5_STABLE
REL9_6_STABLE
REL_10_STABLE
REL_11_STABLE
HEAD

doing the same thing the way the buildfarm script does it does not work:

$ perl -MLWP::Simple -e 'LWP::Simple::getprint("http://buildfarm.postgresql.org/branches_of_interest.txt");'
500 Can't connect to buildfarm.postgresql.org:80 (No route to host) <URL:http://buildfarm.postgresql.org/branches_of_interest.txt>

That's on dromedary's host with perl 5.10.0.  Even weirder, it
*does* work on prairiedog's host with perl 5.8.3.  I think that the
latter installation is newer and hence may have newer copies of
some CPAN-supplied modules, but I'm not sure how to debug further.

Also, on prairiedog's host, this is what I get for the https case:

$ perl -MLWP::Simple -MLWP::Protocol::https -e 'LWP::Simple::getprint("https://buildfarm.postgresql.org/branches_of_interest.txt");'
500 Can't connect to buildfarm.postgresql.org:443 <URL:https://buildfarm.postgresql.org/branches_of_interest.txt>

which isn't terribly informative but it doesn't look like an SSL
certificate failure.