Postgres Pro
Downloads
Home   >   mailing lists

BUG #7560: Crash on libpq-9.2.0 and openssl-1.0.1c on windows when openssl.cnf is not found - Mailing list pgsql-bugs

From kamil@mrblur.net
Subject BUG #7560: Crash on libpq-9.2.0 and openssl-1.0.1c on windows when openssl.cnf is not found
Date
Msg-id E1TEMi5-0005WR-6y@wrigleys.postgresql.org
Whole thread Raw
List pgsql-bugs
Tree view 
The following bug has been logged on the website:

Bug reference:      7560
Logged by:          Kamil Kami=C5=84ski
Email address:      kamil@mrblur.net
PostgreSQL version: 9.2.0
Operating system:   Windows
Description:        =


When openssl is built on Windows it hardcodes OPENSSLDIR into its sources.
By default it is "/usr/local/openssl", however it defaults to configured
prefix when configuring on windows. In my case it defaulted to a location on
D:\libs\openssl.

This leads to random crashes on PQconnect when using SSL layer as openssl
library tries to open openssl.cnf file (which should be at OPENSSLDIR) and
when it cannot found it - throws an error.
Now, this error is not returned by PQconnect as an connection error, instead
whole app shuts down.

When using psql from windows commandline I got messages complaying about
openssl's BIO layer and missing configuration file.

It is easy to reproduce as openssl allows "OPENSSL_CONF" environment
variable to point at 'proper' configuration.

Just try to do:

$ SET OPENSSL_CONF=3D"invalid_path"
$ psql

(" chars are intented - this way path is invalid and openssl cannot fopen()
it.)


And try with any libPQ-based application - it will crash.


I believe this in fact is a bug as:
 1) OpenSSL(.exe) displays warning about missing file, never throws error
 2) OPENSSL_CONF cannot be overriden from libPQ API
 3) OPENSSL_CONF cannot be overriden from application process as libPQ uses
different environment copies (according to MSDN, verified with
SetEnvironmentVariable call befor delay-load libPQ.dll)
 4) OPENSSL_CONF is used widely and I cannot blindly replace it system-wide
(for instance: OpenVPN installs OpenSSL and configures global variable)
 5) Connection does not return error, instead it crashes whole app.


Some details of my config:
 * Microsof Visual Studio 2010 with all upgrades,
 * Windows 7 x64 as build host
 * OpenSSL 1.0.1c built with defaults (threads, asm), --prefix for nmake
install
 * PostgreSQL 9.2.0 configured with openssl set to my aOpenSSL path
 * My APP is written in C++ (MFC), dynamically linked to libPQ
 * My app crashes directly in PQconnect, server uses SSL
 * sslmode=3Ddisable does not crash application,
 * My app connects correctly with sslmode=3Drequire if OPENSSL_CONF is set =
to
a blank file (a valid file to fopen)
 * My app crashes if OPENSSL_MODE is set to anything invalid

Best regards,
Kamil

pgsql-bugs by date:

Previous
From: l1t@tom.com
Date:
Subject: BUG #7556: "select not in sub query" plan very poor vs "not exists"
Next
From: pathak.anurag@gmail.com
Date:
Subject: BUG #7558: Postgres service not starting.