Skip site navigation (1) Skip section navigation (2)

Re: Bug #838: SSL problems in 7.3

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Bug #838: SSL problems in 7.3
Date: 2002-12-10 20:58:20
Message-ID: 200212102058.gBAKwKV03909@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
OK, I can apply this.  One question I have is why the double strerror()
in the first patch chunk.  Also, I will need to manually patch this
because your system has formatted the code quite unusually:

>                                                                 libpq_g-
>                                                                 ettext(-
>                                                                 "SSL
>                                                                 SYSCALL
>                                                                 error:
>                                                                 %s\n"),
>                                                                   SOCK_-
>                                                                   STRER-
>                                                                   ROR(S-
>                                                                   OCK_E-
>                                                                   RRNO)-
>                                                                   );

Also, I see in my documentation on SSL_get_error():

       SSL_ERROR_SYSCALL
           Some I/O error occurred.  The OpenSSL error queue may
           contain more information on the error.  If the error
           queue is empty (i.e. ERR_get_error() returns 0), ret
           can be used to find out more about the error: If ret
           == 0, an EOF was observed that violates the protocol.
           If ret == -1, the underlying BIO reported an I/O error
           (for socket I/O on Unix systems, consult errno for
           details).

I assume this is the issue your patch is addressing, right?

---------------------------------------------------------------------------

Nathan Mueller wrote:
> Ok, I tested this out with TLSv1 and it worked fine. I found that the
> same mistake was being made on the client side of things too so I
> included a patch for that too.
> 
>         --Nate
> 
> Index: src/backend/libpq/be-secure.c
> ===================================================================
> RCS file: /s/postgresql-7.3.0/src/CVSROOT/postgresql-7.3.0/src/backend/-
> libpq/be-secure.c,v
> retrieving revision 1.1.1.1
> diff -u -r1.1.1.1 be-secure.c
> --- src/backend/libpq/be-secure.c 2 Dec 2002 03:33:36 -0000 1.1.1.1
> +++ src/backend/libpq/be-secure.c 10 Dec 2002 20:23:30 -0000
> @@ -288,7 +288,8 @@
>                         case SSL_ERROR_WANT_READ:
>                                 break;
>                         case SSL_ERROR_SYSCALL:
> -                               elog(ERROR, "SSL SYSCALL error: %s",
>                                 strerror(errno));
> +                               if (n == -1)
> +                                   elog(ERROR, "SSL SYSCALL error: %s",
>                                     strerror(errno));
>                                 break;
>                         case SSL_ERROR_SSL:
>                                 elog(ERROR, "SSL error: %s",
>                                 SSLerrmessage());
> Index: src/interfaces/libpq/fe-secure.c
> ===================================================================
> RCS file: /s/postgresql-7.3.0/src/CVSROOT/postgresql-7.3.0/src/interfac-
> es/libpq/fe-secure.c,v
> retrieving revision 1.1.1.1
> diff -u -r1.1.1.1 fe-secure.c
> --- src/interfaces/libpq/fe-secure.c 2 Dec 2002 03:33:51 -0000 1.1.1.1
> +++ src/interfaces/libpq/fe-secure.c 10 Dec 2002 20:24:36 -0000
> @@ -270,7 +270,8 @@
>                         case SSL_ERROR_WANT_READ:
>                                 break;
>                         case SSL_ERROR_SYSCALL:
> -                               printfPQExpBuffer(&conn->errorMessage,
> +                               if (n == -1)
> +                                   printfPQExpBuffer(&conn->err-
>                                     orMessage,
>                                                                 libpq_g-
>                                                                 ettext(-
>                                                                 "SSL
>                                                                 SYSCALL
>                                                                 error:
>                                                                 %s\n"),
>                                                                   SOCK_-
>                                                                   STRER-
>                                                                   ROR(S-
>                                                                   OCK_E-
>                                                                   RRNO)-
>                                                                   );
>                                 break;
> @@ -315,7 +316,8 @@
>                         case SSL_ERROR_WANT_WRITE:
>                                 break;
>                         case SSL_ERROR_SYSCALL:
> -                               printfPQExpBuffer(&conn->errorMessage,
> +                               if (n == -1)
> +                                   printfPQExpBuffer(&conn->err-
>                                     orMessage,
>                                                                 libpq_g-
>                                                                 ettext(-
>                                                                 "SSL
>                                                                 SYSCALL
>                                                                 error:
>                                                                 %s\n"),
>                                                                   SOCK_-
>                                                                   STRER-
>                                                                   ROR(S-
>                                                                   OCK_E-
>                                                                   RRNO)-
>                                                                   );
>                                 break;
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
> 
> http://archives.postgresql.org
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-bugs by date

Next:From: Nathan MuellerDate: 2002-12-10 21:24:04
Subject: Re: Bug #838: SSL problems in 7.3
Previous:From: Nathan MuellerDate: 2002-12-10 20:52:38
Subject: Re: Bug #838: SSL problems in 7.3

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group