Thread: Re: [BUGS] More SSL questions..
>> APPDATA/postgresql/psql_history >> Does not appear to work. Do I need to do anything to make psql create >> this file? > >Enable READLINE/HISTORY. > >> A quick look at input.c makes it seem like this is only used when >> READLINE is enabled. And READLINE is disabled on win32 because it >> breaks. > >Hmm. I wonder if that breakage had anything to do with the lack of >proper support for home-directory stuff? Might be entertaining to >un-disable it and see what happens now. No, it was a character encoding issue. IIRC it broke such things as the backslash on any non-US locales. So this won't help it. >I'm out of here for the next several hours --- if you have any >last-minute RC4 patches, try to get Bruce's attention ... I'm out of here myself too, it's getting pretty late. Patches too late in the evening tend to need reversal in the morning...:-) But it seems to be working so far - at least as good as it did with RC3. If someone can test the client certificate stuff (that didn't work before), that'd be great. //Magnus
Magnus Hagander wrote: >>>A quick look at input.c makes it seem like this is only used when >>>READLINE is enabled. And READLINE is disabled on win32 because it >>>breaks. >>> >>> >>Hmm. I wonder if that breakage had anything to do with the lack of >>proper support for home-directory stuff? Might be entertaining to >>un-disable it and see what happens now. >> >> > >No, it was a character encoding issue. IIRC it broke such things as the >backslash on any non-US locales. So this won't help it. > > Arguably this should be enabled/disabled at runtime instead of compile time. Not sure how hard that would be to do. Say, let's fix this too before the release! cheers andrew
Okay, I've been up all night testing this out and here's what I've got... I sprinkled some printf's in fe-secure.c because a different error starting coming up... I discovered that on an initial connection open_client_SSL was attempted 4 times. r is -1 three times, then 0 the fourth time. The first three times err is 2, the last time err is 1. SSL Initialization isn't entered until the third try. But it works fine, the homedir, usercertfile and userkeyfile are identified correctly (c:\Documents and Settings\User\ApplicationData/postgresql, postgresql.crt, postgresql.key, respectively) The error coming up states that the private key file was changed during execution. I looked at it (the error checker) and it has something to do with comparing two buffers... Anyways, after figuring out what was going on I went into that error function and commented out the return 0, recompiled and a successful SSL connection was made :) Good work guys, you rock. =) >I'm out of here myself too, it's getting pretty late. Patches too late >in the evening tend to need reversal in the morning...:-) > >But it seems to be working so far - at least as good as it did with RC3. >If someone can test the client certificate stuff (that didn't work >before), that'd be great. > >//Magnus > > >
For some reason this morning it's working fine and not even falling into the "changed during execution" error. Maybe it was just windows being its charming self, since I didn't modify anything since last night. Either way, I'd say it's working. T.J. wrote: > Okay, I've been up all night testing this out and here's what I've got... > > I sprinkled some printf's in fe-secure.c because a different error > starting coming up... > > I discovered that on an initial connection open_client_SSL was > attempted 4 times. r is -1 three times, then 0 the fourth time. The > first three times err is 2, the last time err is 1. > > SSL Initialization isn't entered until the third try. But it works > fine, the homedir, usercertfile and userkeyfile are identified > correctly (c:\Documents and Settings\User\ApplicationData/postgresql, > postgresql.crt, postgresql.key, respectively) > > The error coming up states that the private key file was changed > during execution. I looked at it (the error checker) and it has > something to do with comparing two buffers... > > Anyways, after figuring out what was going on I went into that error > function and commented out the return 0, recompiled and a successful > SSL connection was made :) > > Good work guys, you rock. =) > >> I'm out of here myself too, it's getting pretty late. Patches too late >> in the evening tend to need reversal in the morning...:-) >> >> But it seems to be working so far - at least as good as it did with RC3. >> If someone can test the client certificate stuff (that didn't work >> before), that'd be great. >> >> //Magnus >> >> >> > >
"Magnus Hagander" <mha@sollentuna.net> writes: >> Hmm. I wonder if that breakage had anything to do with the lack of >> proper support for home-directory stuff? Might be entertaining to >> un-disable it and see what happens now. > No, it was a character encoding issue. IIRC it broke such things as the > backslash on any non-US locales. So this won't help it. Oh. Okay, well if readline is disabled then that means we don't have any auto-created files in %APPDATA%/postgresql, so the concern about autocreating that directory goes away too. At least until readline is fixed. regards, tom lane