Thread: Connnection to SSL enabled server
<br /><font face="sans-serif" size="2">I am running PostgreSQL 7.3.4 server with SSL enabled. I have the server configuredto only accept SSL connections from various hosts. I am using pgadmin3-1.1 on RedHat 9 and I can connect to mySSL enabled Pg server just fine. The information pane in pgadmin3 tells me I have an SSL connection to the server. Ican open up the graphic query tool and type in my query. As soon as I click the 'Execute query' button pgadmin3 crashes. When I run pgadmin3 using gdb I get the following output from gdb after I click the 'Execute query' button:</font><br/><br /><font face="sans-serif" size="2">Program received signal SIGSEGV, Segmentation fault.</font><br/><font face="sans-serif" size="2">[Switching to Thread 1094126896 (LWP 4597)]</font><br /><font face="sans-serif"size="2">0x400b603f in CRYPTO_lock () from /lib/libcrypto.so.4</font><br /><br /><font face="sans-serif"size="2">I'm using the RedHat 9 rpm from the pgadmin site and have even tried using the nightly build fromOctober 29, 2003 with the same result. I have another PostgreSQL 7.3.4 server that is not SSL enabled and I can usepgadmin3 just fine with that configuration.</font><br /><br /><font face="sans-serif" size="2">I built the SSL enabledserver from source using openssl-0.9.7c source. I can connect(I do get an SSL connection) and work from my clientmachine using pgsql.</font><br /><br /><font face="sans-serif" size="2">Is there an issue with how I built the serveror with openssl on RedHat 9 machines or the combination of SSL on the server and client I used?</font><br /><br /><fontface="sans-serif" size="2">Tim</font>
timothy.r.morley@kc.frb.org wrote: > > I am running PostgreSQL 7.3.4 server with SSL enabled. I have the > server configured to only accept SSL connections from various hosts. > I am using pgadmin3-1.1 on RedHat 9 and I can connect to my SSL > enabled Pg server just fine. The information pane in pgadmin3 tells > me I have an SSL connection to the server. I can open up the graphic > query tool and type in my query. As soon as I click the 'Execute > query' button pgadmin3 crashes. When I run pgadmin3 using gdb I get > the following output from gdb after I click the 'Execute query' button: > > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 1094126896 (LWP 4597)] > 0x400b603f in CRYPTO_lock () from /lib/libcrypto.so.4 > > I'm using the RedHat 9 rpm from the pgadmin site and have even tried > using the nightly build from October 29, 2003 with the same result. I > have another PostgreSQL 7.3.4 server that is not SSL enabled and I can > use pgadmin3 just fine with that configuration. > > I built the SSL enabled server from source using openssl-0.9.7c > source. I can connect(I do get an SSL connection) and work from my > client machine using pgsql. > > Is there an issue with how I built the server or with openssl on > RedHat 9 machines or the combination of SSL on the server and client I > used? > Can you confirm that this crash happens only with ssl? There might be a multithreading problem. While the pgAdmin3 main window uses the main thread, the query tool uses a dedicated thread for query execution. I'm using open-ssl 0.9.7b (SuSE 8.1), no problem with a "requires SSL" connection, I doubt it's a version problem. It might be necessary to play a little with libraries to get it multithread proof. Regards, Andreas
<br /><font face="sans-serif" size="2">Here is what I've tried:</font><br /><br /><font face="sans-serif" size="2">1. IfI connect to server1 that wasn't compiled with SSL I have no issues running queries.</font><br /><font face="sans-serif"size="2">2. If I connect to server2 that WAS compiled with SSL and ssl = true is set in postgresql.confpgadmin3 crashes when I try to execute a query.</font><br /><font face="sans-serif" size="2">3. If I connectto server2 with ssl = false in postgresql.conf pgadmin3 has no problems running the queries.</font><br /><br /><fontface="sans-serif" size="2">On my RedHat 9 box(client) I have openssl-0.9.7a-20.</font><br /><br /><font face="sans-serif"size="2">Tim</font><br /><br /><br /><table width="100%"><tr valign="top"><td></td><td><font face="sans-serif"size="1"><b>Andreas Pflug <pgadmin@pse-consulting.de></b></font><p><font face="sans-serif" size="1">10/29/200310:52 AM</font><br /></td><td><font face="Arial" size="1"> </font><br /><font face="sans-serif"size="1"> To: timothy.r.morley@kc.frb.org</font><br /><font face="sans-serif" size="1"> cc: pgadmin-support@postgresql.org, Jean-Michel POURE <jm@poure.com></font><br /><font face="sans-serif"size="1"> Subject: Re: [pgadmin-support] Connnection to SSL enabled server</font></td></tr></table><br/><br /><br /><font face="Courier New" size="2">Can you confirm that this crash happensonly with ssl?<br /> There might be a multithreading problem. While the pgAdmin3 main window <br /> uses the mainthread, the query tool uses a dedicated thread for query <br /> execution.<br /> I'm using open-ssl 0.9.7b (SuSE 8.1),no problem with a "requires SSL" <br /> connection, I doubt it's a version problem. It might be necessary to <br />play a little with libraries to get it multithread proof.<br /><br /> Regards,<br /> Andreas<br /><br /><br /></font><br/><br />
<br /><font face="sans-serif" size="2">I just setup a Slackware 9.1 machine and tried pgadmin3-1.0.1 and the October 29 snapshotof pgadmin3 with a connection to my SSL enabled PostgreSQL server. Everything worked perfectly. The Slack 9.1 machinehas openssl-0.9.7b on it. I have a coworker running Mandrake 9.1 which contains openssl-0.9.7a. His pgadmin3 alsocrashes trying to run queries against our SSL enabled PostgreSQL server. He installed the Mandrake rpms for pgadmin3from the pgadmin.postgresql.org site.</font><br /><br /><font face="sans-serif" size="2">You were right about needingto play with the libraries. I'll see if I can get my RedHat 9 box up to openssl 0.9.7b.</font><br /><br /><font face="sans-serif"size="2">Tim</font><br /><br /><br /><table width="100%"><tr valign="top"><td></td><td><font face="sans-serif"size="1"><b>Andreas Pflug <pgadmin@pse-consulting.de></b></font><br /><font face="sans-serif" size="1">Sentby: pgadmin-support-owner@postgresql.org</font><p><font face="sans-serif" size="1">10/29/2003 10:52 AM</font><br/></td><td><font face="Arial" size="1"> </font><br /><font face="sans-serif" size="1"> To: timothy.r.morley@kc.frb.org</font><br /><font face="sans-serif" size="1"> cc: pgadmin-support@postgresql.org,Jean-Michel POURE <jm@poure.com></font><br /><font face="sans-serif" size="1"> Subject: Re: [pgadmin-support] Connnection to SSL enabled server</font></td></tr></table><br /><br /><br /><fontface="Courier New" size="2">timothy.r.morley@kc.frb.org wrote:<br /><br /> Can you confirm that this crash happensonly with ssl?<br /> There might be a multithreading problem. While the pgAdmin3 main window <br /> uses the mainthread, the query tool uses a dedicated thread for query <br /> execution.<br /> I'm using open-ssl 0.9.7b (SuSE 8.1),no problem with a "requires SSL" <br /> connection, I doubt it's a version problem. It might be necessary to <br />play a little with libraries to get it multithread proof.<br /><br /> Regards,<br /> Andreas<br /><br /><br /><br /> ---------------------------(endof broadcast)---------------------------<br /> TIP 5: Have you checked our extensive FAQ?<br/><br /> http://www.postgresql.org/docs/faqs/FAQ.html<br /></font><br /><br />
timothy.r.morley@kc.frb.org wrote: > > I just setup a Slackware 9.1 machine and tried pgadmin3-1.0.1 and the > October 29 snapshot of pgadmin3 with a connection to my SSL enabled > PostgreSQL server. Everything worked perfectly. The Slack 9.1 > machine has openssl-0.9.7b on it. I have a coworker running Mandrake > 9.1 which contains openssl-0.9.7a. His pgadmin3 also crashes trying > to run queries against our SSL enabled PostgreSQL server. He > installed the Mandrake rpms for pgadmin3 from the > pgadmin.postgresql.org site. > > You were right about needing to play with the libraries. I'll see if > I can get my RedHat 9 box up to openssl 0.9.7b. > Actually, I can't believe that only 0.9.7b will work, but not 0.9.7a or 0.9.7c, so I'd be glad if you could confirm this. When mentioning libraries, I was talking about compilation options for multithread support and possible linkage against mt enabled libraries. Possibly, there are platforms where things are not compiled/linked correctly, but nobody noticed because ssl connections are rarely used (at least for admins contacting a local server) Regards, Andreas
<br /><font face="sans-serif" size="2">I've done some more testing. I installed pgadmin3-1.0.1 and pgadmin3-1.1.0-cvs20031030on a Mandrake 9.2 box. The Mandrake 9.2 box has all updates applied and is running openssl-0.9.7b-4.1.92mdk. When I connect from this machine to my SSL enabled PostgreSQL machine pgadmin3 crashes(both versions)when I try to execute a query. I can use either version to connect to my nonSSL PostgreSQL server and I can executea query. So here is a summary of my current results.</font><br /><br /><font face="sans-serif" size="2">Server: PostgreSQL7.3.4 compiled with option --with-openssl. Openssl version 0.9.7c.</font><br /><font face="sans-serif" size="2">1.RedHat9 client: Pgadmin3 crashes when executing a query while connected to the SSL enabled PostgreSQL server. Pgadmin3 executes query against a nonSSL PostgreSQL server and against the SSL enabled server when ssl = false isset in postgresql.conf. Client has openssl-0.9.7a installed.</font><br /><font face="sans-serif" size="2">2. Mandrake 9.2client: Same results as with RedHat9 client. Client has openssl-0.9.7b-4.1.92mdk installed.</font><br /><font face="sans-serif"size="2">3. Slackware 9.1: All queries on all servers work. Client has openssl-0.9.7b installed.</font><br/><br /><br /><font face="sans-serif" size="2">Tim</font><br /><br /><br /><table width="100%"><tr valign="top"><td></td><td><fontface="sans-serif" size="1"><b>Andreas Pflug <pgadmin@pse-consulting.de></b></font><p><fontface="sans-serif" size="1">10/30/2003 04:41 AM</font><br /></td><td><fontface="Arial" size="1"> </font><br /><font face="sans-serif" size="1"> To: timothy.r.morley@kc.frb.org</font><br/><font face="sans-serif" size="1"> cc: pgadmin-support@postgresql.org</font><br/><font face="sans-serif" size="1"> Subject: Re: [pgadmin-support]Connnection to SSL enabled server</font></td></tr></table><br /><br /><br /><font face="Courier New" size="2">timothy.r.morley@kc.frb.orgwrote:<br /><br /> ><br /> > I just setup a Slackware 9.1 machine and tried pgadmin3-1.0.1and the <br /> > October 29 snapshot of pgadmin3 with a connection to my SSL enabled <br /> > PostgreSQLserver. Everything worked perfectly. The Slack 9.1 <br /> > machine has openssl-0.9.7b on it. I have a coworkerrunning Mandrake <br /> > 9.1 which contains openssl-0.9.7a. His pgadmin3 also crashes trying <br /> > torun queries against our SSL enabled PostgreSQL server. He <br /> > installed the Mandrake rpms for pgadmin3 from the<br /> > pgadmin.postgresql.org site.<br /> ><br /> > You were right about needing to play with the libraries. I'll see if <br /> > I can get my RedHat 9 box up to openssl 0.9.7b.<br /> ><br /><br /> Actually, I can'tbelieve that only 0.9.7b will work, but not 0.9.7a or <br /> 0.9.7c, so I'd be glad if you could confirm this.<br /><br/> When mentioning libraries, I was talking about compilation options for <br /> multithread support and possible linkageagainst mt enabled libraries. <br /> Possibly, there are platforms where things are not compiled/linked <br /> correctly,but nobody noticed because ssl connections are rarely used <br /> (at least for admins contacting a local server)<br/><br /> Regards,<br /> Andreas<br /><br /><br /></font><br /><br />
timothy.r.morley@kc.frb.org wrote: > > I've done some more testing. I installed pgadmin3-1.0.1 and > pgadmin3-1.1.0-cvs20031030 on a Mandrake 9.2 box. The Mandrake 9.2 > box has all updates applied and is running openssl-0.9.7b-4.1.92mdk. > When I connect from this machine to my SSL enabled PostgreSQL machine > pgadmin3 crashes(both versions) when I try to execute a query. I can > use either version to connect to my nonSSL PostgreSQL server and I can > execute a query. So here is a summary of my current results. > > Server: PostgreSQL 7.3.4 compiled with option --with-openssl. Openssl > version 0.9.7c. > 1. RedHat9 client: Pgadmin3 crashes when executing a query while > connected to the SSL enabled PostgreSQL server. Pgadmin3 executes > query against a nonSSL PostgreSQL server and against the SSL enabled > server when ssl = false is set in postgresql.conf. Client has > openssl-0.9.7a installed. > 2. Mandrake 9.2 client: Same results as with RedHat9 client. Client > has openssl-0.9.7b-4.1.92mdk installed. > 3. Slackware 9.1: All queries on all servers work. Client has > openssl-0.9.7b installed. > So this seems to be not a ssl version problem, but something about the platforms. We can reduce you results to - RedHat9 and Mandrake 9.2 won't work - Slackware does. Maybe we need special compiler/link flags for RH and Mandrake :-( Did you try the binary versions too? Jean-Michel, what's happening on your machines when connecting with ssl=require? Regards, Andreas
Le Jeudi 30 Octobre 2003 15:28, Andreas Pflug a écrit : > Did you try the binary versions too? Jean-Michel, what's happening on > your machines when connecting with ssl=require? I will do some testing tonight. Cheers, Jean-Michel
Network Administrator wrote: > >Ok, that is problem my fault. I'm using the slackware package Version 1.1.0 >Devel (Oct 29 2003). On the original post the problem use the visual query >builder (unless I missed the jist of that post) using ssl. When I tested this, >pgAdmin crashes for both ssl and non-ssl connections. That is to say going to >the query builder, and trying to add a table under the tools menu crashes as >soon as you select a table and hit ok. > > Please do *not* mix up the Query Tool and the Query Builder, which is known to crash on gtk (see BUGS.txt) and for this reason is deliberately left out of release versions. Regards, Andreas
Network Administrator wrote: >>>3. Slackware 9.1: All queries on all servers work. Client has >>>openssl-0.9.7b installed. >>> >>> >to through my $0.02 in. Slackware does work with ssl=reguire but when I >did try to use the visual query tool (not sure how to use it actually) the 10/29 >snapshot did crash. > This is confusing. So you say slackware crashes for you, while Timothy says it's working. What's the difference? To get this clear: which version exactly did you use? source or binary? Regards, Andreas
Quoting Andreas Pflug <pgadmin@pse-consulting.de>: > timothy.r.morley@kc.frb.org wrote: > > > > > I've done some more testing. I installed pgadmin3-1.0.1 and > > pgadmin3-1.1.0-cvs20031030 on a Mandrake 9.2 box. The Mandrake 9.2 > > box has all updates applied and is running openssl-0.9.7b-4.1.92mdk. > > When I connect from this machine to my SSL enabled PostgreSQL machine > > pgadmin3 crashes(both versions) when I try to execute a query. I can > > use either version to connect to my nonSSL PostgreSQL server and I can > > execute a query. So here is a summary of my current results. > > > > Server: PostgreSQL 7.3.4 compiled with option --with-openssl. Openssl > > version 0.9.7c. > > 1. RedHat9 client: Pgadmin3 crashes when executing a query while > > connected to the SSL enabled PostgreSQL server. Pgadmin3 executes > > query against a nonSSL PostgreSQL server and against the SSL enabled > > server when ssl = false is set in postgresql.conf. Client has > > openssl-0.9.7a installed. > > 2. Mandrake 9.2 client: Same results as with RedHat9 client. Client > > has openssl-0.9.7b-4.1.92mdk installed. > > 3. Slackware 9.1: All queries on all servers work. Client has > > openssl-0.9.7b installed. > > > > So this seems to be not a ssl version problem, but something about the > platforms. We can reduce you results to > - RedHat9 and Mandrake 9.2 won't work > - Slackware does. > Maybe we need special compiler/link flags for RH and Mandrake :-( > > Did you try the binary versions too? Jean-Michel, what's happening on > your machines when connecting with ssl=require? > > Regards, > Andreas > > > ---------------------------(end of broadcast)--------------------------- > TIP 7: don't forget to increase your free space map settings > Just to through my $0.02 in. Slackware does work with ssl=reguire but when I did try to use the visual query tool (not sure how to use it actually) the 10/29 snapshot did crash. I haven't retried it though since I wanted to hear some other feedback. Also, anything before OpenSSL 0.9.7c or 0.9.6k is not viable because of a recent CERT. Please see: http://www.cert.org/advisories/CA-2003-26.html -- Keith C. Perry Director of Networks & Applications VCSN, Inc. http://vcsn.com ____________________________________ This email account is being host by: VCSN, Inc : http://vcsn.com
<br /><font face="sans-serif" size="2">Every version of pgadmin3 I have tried, whether production releases such as 1.0.0and 1.0.1 or nightly builds have been the rpms built for the appropriate platforms. I used the the binary tgz for Slackware.</font><br/><br /><font face="sans-serif" size="2">Tim</font><br /><br /><br /><table width="100%"><tr valign="top"><td></td><td><fontface="sans-serif" size="1"><b>Andreas Pflug <pgadmin@pse-consulting.de></b></font><p><fontface="sans-serif" size="1">10/30/2003 08:28 AM</font><br /></td><td><fontface="Arial" size="1"> </font><br /><font face="sans-serif" size="1"> To: timothy.r.morley@kc.frb.org</font><br/><font face="sans-serif" size="1"> cc: pgadmin-support@postgresql.org,"Adam H. Pendleton" <fmonkey@fmonkey.net>, Jean-Michel POURE <jm@poure.com></font><br/><font face="sans-serif" size="1"> Subject: Re: [pgadmin-support] Connnectionto SSL enabled server</font></td></tr></table><br /><br /><br /><font face="Courier New" size="2">So this seemsto be not a ssl version problem, but something about the <br /> platforms. We can reduce you results to<br /> - RedHat9and Mandrake 9.2 won't work<br /> - Slackware does.<br /> Maybe we need special compiler/link flags for RH and Mandrake:-(<br /><br /> Did you try the binary versions too? Jean-Michel, what's happening on <br /> your machines when connectingwith ssl=require?<br /><br /> Regards,<br /> Andreas<br /><br /></font><br /><br />
>Also, anything before OpenSSL 0.9.7c or 0.9.6k is not viable because of a recent >CERT. Please see: >http://www.cert.org/advisories/CA-2003-26.html Yes but generally, distros backport patches to older release so that they don't break the global way the soft run... For RH, openssl-0.9.7a-20 is considered corrected although it is versioned 0.9.7a and not 0.9.7c Please see https://rhn.redhat.com/errata/RHSA-2003-292.html Hope we won't have to publish our openssl packages for pgA3! Regards, Raphaël
<br /><font face="sans-serif" size="2">Since my Mandrake 9.2 machine contained openssl-0.9.7b and pagdmin3 queries didn'twork on it, I'm taking this to mean you are correct that this is not an openssl version issue. Therefore, I didn'ttry to upgrade my RedHat 9 machine.</font><br /><br /><font face="sans-serif" size="2">Tim</font><br /><br /><br /><tablewidth="100%"><tr valign="top"><td></td><td><font face="sans-serif" size="1"><b>Andreas Pflug <pgadmin@pse-consulting.de></b></font><p><fontface="sans-serif" size="1">10/30/2003 04:41 AM</font><br /></td><td><fontface="Arial" size="1"> </font><br /><font face="sans-serif" size="1"> To: timothy.r.morley@kc.frb.org</font><br/><font face="sans-serif" size="1"> cc: pgadmin-support@postgresql.org</font><br/><font face="sans-serif" size="1"> Subject: Re: [pgadmin-support]Connnection to SSL enabled server</font></td></tr></table><br /><br /><br /><font face="Courier New" size="2">timothy.r.morley@kc.frb.orgwrote:<br /><br /> ><br /> > I just setup a Slackware 9.1 machine and tried pgadmin3-1.0.1and the <br /> > October 29 snapshot of pgadmin3 with a connection to my SSL enabled <br /> > PostgreSQLserver. Everything worked perfectly. The Slack 9.1 <br /> > machine has openssl-0.9.7b on it. I have a coworkerrunning Mandrake <br /> > 9.1 which contains openssl-0.9.7a. His pgadmin3 also crashes trying <br /> > torun queries against our SSL enabled PostgreSQL server. He <br /> > installed the Mandrake rpms for pgadmin3 from the<br /> > pgadmin.postgresql.org site.<br /> ><br /> > You were right about needing to play with the libraries. I'll see if <br /> > I can get my RedHat 9 box up to openssl 0.9.7b.<br /> ><br /><br /> Actually, I can'tbelieve that only 0.9.7b will work, but not 0.9.7a or <br /> 0.9.7c, so I'd be glad if you could confirm this.<br /><br/> When mentioning libraries, I was talking about compilation options for <br /> multithread support and possible linkageagainst mt enabled libraries. <br /> Possibly, there are platforms where things are not compiled/linked <br /> correctly,but nobody noticed because ssl connections are rarely used <br /> (at least for admins contacting a local server)<br/><br /> Regards,<br /> Andreas<br /><br /><br /></font><br /><br />