Re: Bug #838: SSL problems in 7.3
От | Bruce Momjian |
---|---|
Тема | Re: Bug #838: SSL problems in 7.3 |
Дата | |
Msg-id | 200212102058.gBAKwKV03909@candle.pha.pa.us обсуждение исходный текст |
Ответ на | Re: Bug #838: SSL problems in 7.3 (Nathan Mueller <nmueller@cs.wisc.edu>) |
Список | pgsql-bugs |
OK, I can apply this. One question I have is why the double strerror() in the first patch chunk. Also, I will need to manually patch this because your system has formatted the code quite unusually: > libpq_g- > ettext(- > "SSL > SYSCALL > error: > %s\n"), > SOCK_- > STRER- > ROR(S- > OCK_E- > RRNO)- > ); Also, I see in my documentation on SSL_get_error(): SSL_ERROR_SYSCALL Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details). I assume this is the issue your patch is addressing, right? --------------------------------------------------------------------------- Nathan Mueller wrote: > Ok, I tested this out with TLSv1 and it worked fine. I found that the > same mistake was being made on the client side of things too so I > included a patch for that too. > > --Nate > > Index: src/backend/libpq/be-secure.c > =================================================================== > RCS file: /s/postgresql-7.3.0/src/CVSROOT/postgresql-7.3.0/src/backend/- > libpq/be-secure.c,v > retrieving revision 1.1.1.1 > diff -u -r1.1.1.1 be-secure.c > --- src/backend/libpq/be-secure.c 2 Dec 2002 03:33:36 -0000 1.1.1.1 > +++ src/backend/libpq/be-secure.c 10 Dec 2002 20:23:30 -0000 > @@ -288,7 +288,8 @@ > case SSL_ERROR_WANT_READ: > break; > case SSL_ERROR_SYSCALL: > - elog(ERROR, "SSL SYSCALL error: %s", > strerror(errno)); > + if (n == -1) > + elog(ERROR, "SSL SYSCALL error: %s", > strerror(errno)); > break; > case SSL_ERROR_SSL: > elog(ERROR, "SSL error: %s", > SSLerrmessage()); > Index: src/interfaces/libpq/fe-secure.c > =================================================================== > RCS file: /s/postgresql-7.3.0/src/CVSROOT/postgresql-7.3.0/src/interfac- > es/libpq/fe-secure.c,v > retrieving revision 1.1.1.1 > diff -u -r1.1.1.1 fe-secure.c > --- src/interfaces/libpq/fe-secure.c 2 Dec 2002 03:33:51 -0000 1.1.1.1 > +++ src/interfaces/libpq/fe-secure.c 10 Dec 2002 20:24:36 -0000 > @@ -270,7 +270,8 @@ > case SSL_ERROR_WANT_READ: > break; > case SSL_ERROR_SYSCALL: > - printfPQExpBuffer(&conn->errorMessage, > + if (n == -1) > + printfPQExpBuffer(&conn->err- > orMessage, > libpq_g- > ettext(- > "SSL > SYSCALL > error: > %s\n"), > SOCK_- > STRER- > ROR(S- > OCK_E- > RRNO)- > ); > break; > @@ -315,7 +316,8 @@ > case SSL_ERROR_WANT_WRITE: > break; > case SSL_ERROR_SYSCALL: > - printfPQExpBuffer(&conn->errorMessage, > + if (n == -1) > + printfPQExpBuffer(&conn->err- > orMessage, > libpq_g- > ettext(- > "SSL > SYSCALL > error: > %s\n"), > SOCK_- > STRER- > ROR(S- > OCK_E- > RRNO)- > ); > break; > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
В списке pgsql-bugs по дате отправления: