Re: Bug #838: SSL problems in 7.3
От | Nathan Mueller |
---|---|
Тема | Re: Bug #838: SSL problems in 7.3 |
Дата | |
Msg-id | 200212100600.AAA00392@norm.cs.wisc.edu обсуждение исходный текст |
Ответ на | Bug #838: SSL problems in 7.3 (pgsql-bugs@postgresql.org) |
Ответы |
Re: Bug #838: SSL problems in 7.3
(Bruce Momjian <pgman@candle.pha.pa.us>)
|
Список | pgsql-bugs |
> tested it with openssl 0.9.6e and it worked on BSD/OS 4.2. The author > is only involved intermittently. I worked with him to get it > working on > 7.3. It is certainly possible there are other bugs in there. Slow night so I learned a little about SSL and figured this out. The following patch does two things. First it switches the ssl method back to SSLv23 so pre-7.3 SSL clients will work with new databases. I made the switch in both the client and the server, but the server change is all you really need. The second is to ignore the SSL syscall error when n is 0 since that means EOF. This fixes both of my problems, hope it works for everyone else too. --Nate diff -ur postgresql-7.3/src/backend/libpq/be-secure.c postgresql-7.3.patched/src/backend/libpq/be-secure.c --- postgresql-7.3/src/backend/libpq/be-secure.c Thu Nov 7 12:47:08 2002 +++ postgresql-7.3.patched/src/backend/libpq/be-secure.c Mon Dec 9 23:47:45 2002 @@ -288,7 +288,8 @@ case SSL_ERROR_WANT_READ: break; case SSL_ERROR_SYSCALL: - elog(ERROR, "SSL SYSCALL error: %s", strerror(errno)); + if (n == -1) + elog(ERROR, "SSL SYSCALL error: %s", strerror(errno)); break; case SSL_ERROR_SSL: elog(ERROR, "SSL error: %s", SSLerrmessage()); @@ -585,7 +586,7 @@ { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(TLSv1_method()); + SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) { postmaster_error("failed to create SSL context: %s", diff -ur postgresql-7.3/src/interfaces/libpq/fe-secure.c postgresql-7.3.patched/src/interfaces/libpq/fe-secure.c --- postgresql-7.3/src/interfaces/libpq/fe-secure.c Thu Nov 7 12:47:08 2002 +++ postgresql-7.3.patched/src/interfaces/libpq/fe-secure.c Mon Dec 9 23:42:40 2002 @@ -712,7 +712,7 @@ { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(TLSv1_method()); + SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) { printfPQExpBuffer(&conn->errorMessage, Only in postgresql-7.3.patched/src/interfaces/libpq: fe-secure.c~
В списке pgsql-bugs по дате отправления: