The following bug has been logged on the website:
Bug reference: 7560
Logged by: Kamil Kami=C5=84ski
Email address: kamil@mrblur.net
PostgreSQL version: 9.2.0
Operating system: Windows
Description: =
When openssl is built on Windows it hardcodes OPENSSLDIR into its sources.
By default it is "/usr/local/openssl", however it defaults to configured
prefix when configuring on windows. In my case it defaulted to a location on
D:\libs\openssl.
This leads to random crashes on PQconnect when using SSL layer as openssl
library tries to open openssl.cnf file (which should be at OPENSSLDIR) and
when it cannot found it - throws an error.
Now, this error is not returned by PQconnect as an connection error, instead
whole app shuts down.
When using psql from windows commandline I got messages complaying about
openssl's BIO layer and missing configuration file.
It is easy to reproduce as openssl allows "OPENSSL_CONF" environment
variable to point at 'proper' configuration.
Just try to do:
$ SET OPENSSL_CONF=3D"invalid_path"
$ psql
(" chars are intented - this way path is invalid and openssl cannot fopen()
it.)
And try with any libPQ-based application - it will crash.
I believe this in fact is a bug as:
1) OpenSSL(.exe) displays warning about missing file, never throws error
2) OPENSSL_CONF cannot be overriden from libPQ API
3) OPENSSL_CONF cannot be overriden from application process as libPQ uses
different environment copies (according to MSDN, verified with
SetEnvironmentVariable call befor delay-load libPQ.dll)
4) OPENSSL_CONF is used widely and I cannot blindly replace it system-wide
(for instance: OpenVPN installs OpenSSL and configures global variable)
5) Connection does not return error, instead it crashes whole app.
Some details of my config:
* Microsof Visual Studio 2010 with all upgrades,
* Windows 7 x64 as build host
* OpenSSL 1.0.1c built with defaults (threads, asm), --prefix for nmake
install
* PostgreSQL 9.2.0 configured with openssl set to my aOpenSSL path
* My APP is written in C++ (MFC), dynamically linked to libPQ
* My app crashes directly in PQconnect, server uses SSL
* sslmode=3Ddisable does not crash application,
* My app connects correctly with sslmode=3Drequire if OPENSSL_CONF is set =
to
a blank file (a valid file to fopen)
* My app crashes if OPENSSL_MODE is set to anything invalid
Best regards,
Kamil