The postmaster contains this code just before it waits for input:
#ifdef USE_SSL for (curr = DLGetHead(PortList); curr; curr = DLGetSucc(curr)) { if (((Port *)
DLE_VAL(curr))->ssl&& SSL_pending(((Port *) DLE_VAL(curr))->ssl) > 0) { no_select
=true; break; } } if (no_select) FD_ZERO(&rmask); /* So we don't
accept()anything below */
#endif
I am not sure exactly what SSL_pending() is defined to mean, but as
near as I can tell, whenever SSL_pending() returns true, the postmaster
will completely ignore every other input-ready condition. This spells
"denial of service" from where I sit: a nonresponsive SSL client will
cause the postmaster to freeze up for all other clients.
Can anyone who knows about SSL defend or even explain the above code?
I am strongly inclined to just dike it out.
regards, tom lane