Re: Bug #838: SSL problems in 7.3

OK, I can apply this. One question I have is why the double strerror()
in the first patch chunk. Also, I will need to manually patch this
because your system has formatted the code quite unusually:

> libpq_g-
> ettext(-
> "SSL
> SYSCALL
> error:
> %s\n"),
> SOCK_-
> STRER-
> ROR(S-
> OCK_E-
> RRNO)-
> );

Also, I see in my documentation on SSL_get_error():

SSL_ERROR_SYSCALL
Some I/O error occurred. The OpenSSL error queue may
contain more information on the error. If the error
queue is empty (i.e. ERR_get_error() returns 0), ret
can be used to find out more about the error: If ret
== 0, an EOF was observed that violates the protocol.
If ret == -1, the underlying BIO reported an I/O error
(for socket I/O on Unix systems, consult errno for
details).

I assume this is the issue your patch is addressing, right?

---------------------------------------------------------------------------

Nathan Mueller wrote:
> Ok, I tested this out with TLSv1 and it worked fine. I found that the
> same mistake was being made on the client side of things too so I
> included a patch for that too.
>
> --Nate
>
> Index: src/backend/libpq/be-secure.c
> ===================================================================
> RCS file: /s/postgresql-7.3.0/src/CVSROOT/postgresql-7.3.0/src/backend/-
> libpq/be-secure.c,v
> retrieving revision 1.1.1.1
> diff -u -r1.1.1.1 be-secure.c
> --- src/backend/libpq/be-secure.c 2 Dec 2002 03:33:36 -0000 1.1.1.1
> +++ src/backend/libpq/be-secure.c 10 Dec 2002 20:23:30 -0000
> @@ -288,7 +288,8 @@
> case SSL_ERROR_WANT_READ:
> break;
> case SSL_ERROR_SYSCALL:
> - elog(ERROR, "SSL SYSCALL error: %s",
> strerror(errno));
> + if (n == -1)
> + elog(ERROR, "SSL SYSCALL error: %s",
> strerror(errno));
> break;
> case SSL_ERROR_SSL:
> elog(ERROR, "SSL error: %s",
> SSLerrmessage());
> Index: src/interfaces/libpq/fe-secure.c
> ===================================================================
> RCS file: /s/postgresql-7.3.0/src/CVSROOT/postgresql-7.3.0/src/interfac-
> es/libpq/fe-secure.c,v
> retrieving revision 1.1.1.1
> diff -u -r1.1.1.1 fe-secure.c
> --- src/interfaces/libpq/fe-secure.c 2 Dec 2002 03:33:51 -0000 1.1.1.1
> +++ src/interfaces/libpq/fe-secure.c 10 Dec 2002 20:24:36 -0000
> @@ -270,7 +270,8 @@
> case SSL_ERROR_WANT_READ:
> break;
> case SSL_ERROR_SYSCALL:
> - printfPQExpBuffer(&conn->errorMessage,
> + if (n == -1)
> + printfPQExpBuffer(&conn->err-
> orMessage,
> libpq_g-
> ettext(-
> "SSL
> SYSCALL
> error:
> %s\n"),
> SOCK_-
> STRER-
> ROR(S-
> OCK_E-
> RRNO)-
> );
> break;
> @@ -315,7 +316,8 @@
> case SSL_ERROR_WANT_WRITE:
> break;
> case SSL_ERROR_SYSCALL:
> - printfPQExpBuffer(&conn->errorMessage,
> + if (n == -1)
> + printfPQExpBuffer(&conn->err-
> orMessage,
> libpq_g-
> ettext(-
> "SSL
> SYSCALL
> error:
> %s\n"),
> SOCK_-
> STRER-
> ROR(S-
> OCK_E-
> RRNO)-
> );
> break;
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073