Обсуждение: 9.0 SSL renegotiation failure restoring data
Steps to reproduce:
 1. Ran latest pgAdmin in windows server 2005 Standard x64 Edition
 2. Restore data to Postgres 9.0 linux server from 450 MB backup file if only 
 SSL connection is enabled
 After some time pg_restore reports that connection is closed.
 server log is below.
 How to restore 450 MB backup copy to Postgres 9.0 Linux server from windows
 server using SSL ?
 Andrus.
 LOG:  duration: 2643663.100 ms  statement: COPY artpilt (id, toode, pilt,
 pildityyp, esipil
 t) FROM stdin;
 LOG:  SSL renegotiation failure
 LOG:  SSL failed to send renegotiation request
 LOG:  SSL renegotiation failure
 LOG:  SSL error: unsafe legacy renegotiation disabled
 LOG:  could not send data to client: Connection reset by peer
 LOG:  SSL error: unsafe legacy renegotiation disabled
 LOG:  could not receive data from client: Connection reset by peer
 LOG:  unexpected EOF on client connection
  
			
		
Andrus Moor <kobruleht2@hot.ee> writes:
> How to restore 450 MB backup copy to Postgres 9.0 Linux server from
> windows server using SSL ?
Either (1) get a non-lobotomized SSL library, or (2) set
ssl_renegotiation_limit to zero in the server.
            regards, tom lane
			
		> Either (1) get a non-lobotomized SSL library
I'm using latest official Postgres 9.0 server and pgAdmin client. Does one of them contain bug in SSL ?
Andrus.
Andrus Moor wrote: > > Either (1) get a non-lobotomized SSL library > I'm using latest official Postgres 9.0 server and pgAdmin client. > Does one of them contain bug in SSL?? Uh, we don't ship SSL in the server. We ship code that _uses_ ssl, so I would look at your operating system to see what version of SSL you have, and perhaps update that. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
> Uh, we don't ship SSL in the server. > We ship code that _uses_ ssl, so I > would look at your operating system to see what version of SSL you have, > and perhaps update that. I installed postgres 9.0 RC in Windows from official link and looked into bin: Directory of C:\Program Files\PostgreSQL\9.0\bin 15.11.2009 16:37 200_704 ssleay32.dll 15.11.2009 16:37 1_017_344 libeay32.dll How to update them so that they match with linux server ? Andrus.
Andrus wrote: > > Uh, we don't ship SSL in the server. > > We ship code that _uses_ ssl, so I > > would look at your operating system to see what version of SSL you have, > > and perhaps update that. > > I installed postgres 9.0 RC in Windows from official link and looked into > bin: > > Directory of C:\Program Files\PostgreSQL\9.0\bin > > 15.11.2009 16:37 200_704 ssleay32.dll > 15.11.2009 16:37 1_017_344 libeay32.dll > > How to update them so that they match with linux server ? Oh, interesting. So we install SSL with our Win32 install, and I assume that is a new/correct version of ssl. Dave, this person says they are getting disconnected regularly and we thought it was ssl renegotiation, but not I am unclear what is causing the disconnection. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
On Thu, Oct 21, 2010 at 2:40 PM, Bruce Momjian <bruce@momjian.us> wrote: > Andrus wrote: >> > Uh, we don't ship SSL in the server. >> > We ship code that _uses_ ssl, so I >> > would look at your operating system to see what version of SSL you have, >> > and perhaps update that. >> >> I installed postgres 9.0 RC in Windows from official link and looked into >> bin: >> >> Directory of C:\Program Files\PostgreSQL\9.0\bin >> >> 15.11.2009 16:37 200_704 ssleay32.dll >> 15.11.2009 16:37 1_017_344 libeay32.dll >> >> How to update them so that they match with linux server ? > > Oh, interesting. So we install SSL with our Win32 install, and I assume > that is a new/correct version of ssl. > > Dave, this person says they are getting disconnected regularly and we > thought it was ssl renegotiation, but not I am unclear what is causing > the disconnection. It's possible - it depends on what version of OpenSSL was available at the time we started testing 9.0. Dharmendra, can you please check and upgrade the build servers if necessary? -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company