Thanks, Michael, that's it, indeed! I had missed that part of the OpenSSL docs. These PG instances are running on Ubuntu Focal hosts that come with OpenSSL 1.1.1.
We had never seen these in the previous Xenial images because those were using OpenSSL 1.0.2, and from what I've seen the bug was introduced in 1.1.0.
Thanks again,
Carla
On Wed, Jan 19, 2022 at 5:42 AM Michael Paquier <michael@paquier.xyz> wrote:
On Mon, Jan 17, 2022 at 05:05:52PM +0100, Carla Iriberri wrote: > I saw previous discussions where different errors were logged with the > "Success" > message and this was corrected/treated as a bug, but I couldn't find similar > reports specific to "could not accept SSL connection". Is this a known > issue or > case?
Not based my recent mailing list memories, but I may be running short. The error comes from the backend as you say, where this log would expect something in saved_errno to feed %m.
"On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL, nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the returned error is SSL_ERROR_SSL with a meaningful error on the error stack."
This would mean that relying on %m would be wrong for this case. And I guess that you are using a version of OpenSSL older than 3.0? -- Michael
