I came across another bug in the SSL code. backend/libpq/pqcomm.c:pq_eof()
calls recv() to read a single byte of data to check for EOF. The
character is then stuffed into the read buffer.

This will not work with SSL. Besides the data being encrypted, you
could end up reading a byte from an SSL control message instead of a
data message, or messing up counts. Fortunately this procedure only
seems to be called in some password code - if you use 'trust' or 'ident'
then the SSL should work fine.

The quick fix is to add another USE_SSL block; a better fix is to
explicitly create a new abstraction layer.

Bear