I wrote:
> Stephen Frost <sfrost@snowman.net> writes:
>> Agreed that it doesn't seem well documented. I was trying to figure out
>> what the 'right' answer here was myself and not having much success. If
>> the above works, then +1 to that.
> My reaction as well --- I was just gearing up to test this idea,
> unless one of you are already on it?
I've confirmed that this:
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index e12b1cc9e3..47eee4b59d 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode)
errreason = ERR_reason_error_string(ecode);
if (errreason != NULL)
return errreason;
+#ifdef ERR_SYSTEM_ERROR
+ if (ERR_SYSTEM_ERROR(ecode))
+ return strerror(ERR_GET_REASON(ecode));
+#endif
snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode);
return errbuf;
}
seems to be enough to fix the problem on OpenSSL 3.1.1. The #ifdef
is needed to avoid compile failure against OpenSSL 1.1.1 --- but that
version doesn't have the problem, so we don't need to sweat.
This could probably do with a comment, and we need to propagate
the fix into libpq's copy of the function too. Barring objections,
I'll take care of that and push it later today.
regards, tom lane