Thread: Libpq ssl fix
init_ssl_system will return 0 on success and -1 on failure, which will
be interpreted just the other way round in initialize_SSL.
Patch appended.
Regards,
Andreas
Index: fe-secure.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-secure.c,v
retrieving revision 1.40
diff -u -r1.40 fe-secure.c
--- fe-secure.c 7 May 2004 00:24:59 -0000 1.40
+++ fe-secure.c 28 May 2004 14:00:40 -0000
@@ -922,7 +922,7 @@
char fnbuf[2048];
#endif
- if(!init_ssl_system(conn))
+ if(init_ssl_system(conn))
return -1;
#ifndef WIN32
Manfred Spraul wrote: > > > Btw, --enable-thread-safety on Linux (RedHat Fedora Core 1) fails in > configure with > >> configure: error: >> *** Thread test program failed. Your platform is not thread-safe. >> *** Check the file 'config.log'for the exact reason. > I had this too, for two reasons: - configure checks for libpthreads, while the libs are called libpthread on my system. - patch for thread_test.c needed posted some hours ago. Regards, Andreas
Tom Lane wrote: >Andreas Pflug <pgadmin@pse-consulting.de> writes: > > >>init_ssl_system will return 0 on success and -1 on failure, which will >>be interpreted just the other way round in initialize_SSL. >>Patch appended. >> >> > >Hmm, that looks backwards to me too, but this would seem to imply that >Manfred Spraul failed to test his last patch at all. Manfred, care to >explain why we shouldn't revert that patch in toto? > > FYI: I tried to compile libpq with ENABLE_THREAD_SAFETY under win32, and quickly stopped it because the implementation has pthread stuff buried deep inside the sources. No pthread under win32... This needs quite some portability work. Regards, Andreas
Andreas Pflug wrote:
> Manfred Spraul wrote:
>
> >
> >
> > Btw, --enable-thread-safety on Linux (RedHat Fedora Core 1) fails in
> > configure with
> >
> >> configure: error:
> >> *** Thread test program failed. Your platform is not thread-safe.
> >> *** Check the file 'config.log'for the exact reason.
> >
>
> I had this too, for two reasons:
> - configure checks for libpthreads, while the libs are called libpthread
> on my system.
I need to see your config.log output. pgsql/config/acx_pthread.m4 has:
acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread
-pthreads -mthreads pthread --thread-safe -mt pthread-con
fig"
which should test for -lpthread. (Any option without a dash is assumed
to be a library name.)
> - patch for thread_test.c needed posted some hours ago.
Applied.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Hi,
I'll retest the patch. I didn't have a working ssl test setup, thus I
stopped when I ran into the same errors as without my patch. Probably
printfs in initialize_SSL(), but no tests that the code beyond
initialize_SSL() actually runs - sorry.
Btw, --enable-thread-safety on Linux (RedHat Fedora Core 1) fails in
configure with
> configure: error:
> *** Thread test program failed. Your platform is not thread-safe.
> *** Check the file 'config.log'for the exact reason.
--
Manfred
Tom Lane wrote:
>Andreas Pflug <pgadmin@pse-consulting.de> writes:
>
>
>>init_ssl_system will return 0 on success and -1 on failure, which will
>>be interpreted just the other way round in initialize_SSL.
>>Patch appended.
>>
>>
>
>Hmm, that looks backwards to me too, but this would seem to imply that
>Manfred Spraul failed to test his last patch at all. Manfred, care to
>explain why we shouldn't revert that patch in toto?
>
>2004-03-23 22:44 momjian
>
> * doc/src/sgml/libpq.sgml, src/backend/libpq/md5.c,
> src/interfaces/libpq/fe-auth.c, src/interfaces/libpq/fe-connect.c,
> src/interfaces/libpq/fe-secure.c, src/interfaces/libpq/libpq-fe.h,
> src/interfaces/libpq/libpq-int.h: Add thread locking to SSL and
> Kerberos connections.
>
> I have removed the docs mentioning that SSL and Kerberos are not
> thread-safe.
>
> Manfred Spraul
>
> regards, tom lane
>
>
Andreas Pflug <pgadmin@pse-consulting.de> writes:
> init_ssl_system will return 0 on success and -1 on failure, which will
> be interpreted just the other way round in initialize_SSL.
> Patch appended.
Hmm, that looks backwards to me too, but this would seem to imply that
Manfred Spraul failed to test his last patch at all. Manfred, care to
explain why we shouldn't revert that patch in toto?
2004-03-23 22:44 momjian
* doc/src/sgml/libpq.sgml, src/backend/libpq/md5.c,
src/interfaces/libpq/fe-auth.c, src/interfaces/libpq/fe-connect.c,
src/interfaces/libpq/fe-secure.c, src/interfaces/libpq/libpq-fe.h,
src/interfaces/libpq/libpq-int.h: Add thread locking to SSL and
Kerberos connections.
I have removed the docs mentioning that SSL and Kerberos are not
thread-safe.
Manfred Spraul
regards, tom lane
Bruce Momjian wrote:
>>- patch for thread_test.c needed posted some hours ago.
>>
>>
>
>Applied.
>
>
The current CVS tree work again, Andreas' patch fixed the configure failure.
Additionally Andreas' libpq patch fixes ssl. I've tested the locking,
too: ssl calls pq_lockingcallback.
I've tested it by adding ssl support into pgbench. Should I clean up the
change and post a patch?
--
Manfred
You will find Anreas's two patches in the patch queue. Are there more changes than that? --------------------------------------------------------------------------- Manfred Spraul wrote: > Bruce Momjian wrote: > > >>- patch for thread_test.c needed posted some hours ago. > >> > >> > > > >Applied. > > > > > The current CVS tree work again, Andreas' patch fixed the configure failure. > Additionally Andreas' libpq patch fixes ssl. I've tested the locking, > too: ssl calls pq_lockingcallback. > > I've tested it by adding ssl support into pgbench. Should I clean up the > change and post a patch? > > -- > Manfred > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
Patch applied. Thanks. --------------------------------------------------------------------------- Andreas Pflug wrote: > init_ssl_system will return 0 on success and -1 on failure, which will > be interpreted just the other way round in initialize_SSL. > Patch appended. > > Regards, > Andreas > > Index: fe-secure.c > =================================================================== > RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-secure.c,v > retrieving revision 1.40 > diff -u -r1.40 fe-secure.c > --- fe-secure.c 7 May 2004 00:24:59 -0000 1.40 > +++ fe-secure.c 28 May 2004 14:00:40 -0000 > @@ -922,7 +922,7 @@ > char fnbuf[2048]; > #endif > > - if(!init_ssl_system(conn)) > + if(init_ssl_system(conn)) > return -1; > > #ifndef WIN32 > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073