Thread: Re: [BUGS] More SSL questions..

Re: [BUGS] More SSL questions..

From
"Magnus Hagander"
Date:
>> APPDATA/postgresql/psql_history
>> Does not appear to work. Do I need to do anything to make psql create
>> this file?
>
>Enable READLINE/HISTORY.
>
>> A quick look at input.c makes it seem like this is only used when
>> READLINE is enabled. And READLINE is disabled on win32 because it
>> breaks.
>
>Hmm.  I wonder if that breakage had anything to do with the lack of
>proper support for home-directory stuff?  Might be entertaining to
>un-disable it and see what happens now.

No, it was a character encoding issue. IIRC it broke such things as the
backslash on any non-US locales. So this won't help it.


>I'm out of here for the next several hours --- if you have any
>last-minute RC4 patches, try to get Bruce's attention ...

I'm out of here myself too, it's getting pretty late. Patches too late
in the evening tend to need reversal in the morning...:-)

But it seems to be working so far - at least as good as it did with RC3.
If someone can test the client certificate stuff (that didn't work
before), that'd be great.

//Magnus

Re: [BUGS] More SSL questions..

From
Andrew Dunstan
Date:

Magnus Hagander wrote:

>>>A quick look at input.c makes it seem like this is only used when
>>>READLINE is enabled. And READLINE is disabled on win32 because it
>>>breaks.
>>>
>>>
>>Hmm.  I wonder if that breakage had anything to do with the lack of
>>proper support for home-directory stuff?  Might be entertaining to
>>un-disable it and see what happens now.
>>
>>
>
>No, it was a character encoding issue. IIRC it broke such things as the
>backslash on any non-US locales. So this won't help it.
>
>

Arguably this should be enabled/disabled at runtime instead of compile
time. Not sure how hard that would be to do. Say, let's fix this too
before the release!

cheers

andrew

Re: [BUGS] More SSL questions..

From
"T.J."
Date:
Okay, I've been up all night testing this out and here's what I've got...

I sprinkled some printf's in fe-secure.c because a different error
started coming up...

I discovered that on an initial connection open_client_SSL was attempted
4 times. r is -1 three times, then 0 the fourth time. The first three
times err is 2, the last time err is 1.

SSL Initialization isn't entered until the third try. But it works fine,
the homedir, usercertfile and userkeyfile are identified correctly
(c:\Documents and Settings\User\ApplicationData/postgresql,
postgresql.crt, postgresql.key, respectively)

The error coming up states that the private key file was changed during
execution. I looked at it (the error checker) and it has something to do
with comparing two buffers...

Anyways, after figuring out what was going on I went into that error
function and commented out the return 0, recompiled and a successful SSL
connection was made :)

Good work guys, you rock. =)

>I'm out of here myself too, it's getting pretty late. Patches too late
>in the evening tend to need reversal in the morning...:-)
>
>But it seems to be working so far - at least as good as it did with RC3.
>If someone can test the client certificate stuff (that didn't work
>before), that'd be great.
>
>//Magnus
>
>
>
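
[Added example, not part of the original message and not PostgreSQL source:] The thread says only that the "changed during execution" check compares two buffers; the sketch below assumes a stat()-then-fstat() identity comparison and shows why its failure return should stay in place. All names are hypothetical, and it is POSIX-only: the comparison relies on st_dev/st_ino identifying a file, which the Windows C runtime does not guarantee.

```c
/* Added illustration (not PostgreSQL source); all names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum key_status { KEY_OK, KEY_MISSING, KEY_BAD_PERMS, KEY_CHANGED };

/* Step 1: inspect the path before opening it. */
enum key_status key_precheck(const char *path, struct stat *before)
{
    if (stat(path, before) == -1)
        return KEY_MISSING;
    /* Regular file, owned by us, no group/other access bits. */
    if (!S_ISREG(before->st_mode) || (before->st_mode & 077) ||
        before->st_uid != geteuid())
        return KEY_BAD_PERMS;
    return KEY_OK;
}

/* Step 2: open, then compare the descriptor's identity with step 1. */
enum key_status key_open_verified(const char *path,
                                  const struct stat *before, int *fd_out)
{
    struct stat after;
    int fd = open(path, O_RDONLY);
    *fd_out = -1;
    if (fd == -1)
        return KEY_MISSING;
    /* A mismatch means the path was replaced between the two calls. */
    if (fstat(fd, &after) == -1 || before->st_dev != after.st_dev ||
        before->st_ino != after.st_ino) {
        close(fd);
        return KEY_CHANGED;     /* fail closed: never use this key */
    }
    *fd_out = fd;
    return KEY_OK;
}

int main(int argc, char **argv)
{
    struct stat st;
    int fd = -1;
    enum key_status s = argc > 1 ? key_precheck(argv[1], &st) : KEY_MISSING;
    if (s == KEY_OK)
        s = key_open_verified(argv[1], &st, &fd);
    printf("status=%d\n", (int)s);
    if (fd != -1) close(fd);
    return s == KEY_OK ? 0 : 1;
}
```

Removing the failure return from such a check means a key file swapped in after the permission test is accepted without inspection.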



Re: [BUGS] More SSL questions..

From
"T.J."
Date:
For some reason this morning it's working fine and not even falling into
the "changed during execution" error. Maybe it was just Windows being
its charming self, since I didn't modify anything since last night.
Either way, I'd say it's working.

T.J. wrote:

> Okay, I've been up all night testing this out and here's what I've got...
>
> I sprinkled some printf's in fe-secure.c because a different error
> started coming up...
>
> I discovered that on an initial connection open_client_SSL was
> attempted 4 times. r is -1 three times, then 0 the fourth time. The
> first three times err is 2, the last time err is 1.
>
> SSL Initialization isn't entered until the third try. But it works
> fine, the homedir, usercertfile and userkeyfile are identified
> correctly (c:\Documents and Settings\User\ApplicationData/postgresql,
> postgresql.crt, postgresql.key, respectively)
>
> The error coming up states that the private key file was changed
> during execution. I looked at it (the error checker) and it has
> something to do with comparing two buffers...
>
> Anyways, after figuring out what was going on I went into that error
> function and commented out the return 0, recompiled and a successful
> SSL connection was made :)
>
> Good work guys, you rock. =)
>
>> I'm out of here myself too, it's getting pretty late. Patches too late
>> in the evening tend to need reversal in the morning...:-)
>>
>> But it seems to be working so far - at least as good as it did with RC3.
>> If someone can test the client certificate stuff (that didn't work
>> before), that'd be great.
>>
>> //Magnus
>>
>>
>>
>
>



Re: [BUGS] More SSL questions..

From
Tom Lane
Date:
"Magnus Hagander" <mha@sollentuna.net> writes:
>> Hmm.  I wonder if that breakage had anything to do with the lack of
>> proper support for home-directory stuff?  Might be entertaining to
>> un-disable it and see what happens now.

> No, it was a character encoding issue. IIRC it broke such things as the
> backslash on any non-US locales. So this won't help it.

Oh.  Okay, well if readline is disabled then that means we don't have
any auto-created files in %APPDATA%/postgresql, so the concern about
autocreating that directory goes away too.  At least until readline
is fixed.

            regards, tom lane