Re: BUG #5804: Connection aborted after many queries.

Paul Davis <paul(dot)joseph(dot)davis(at)gmail(dot)com> writes:
> On Wed, Dec 29, 2010 at 11:27 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> In all cases, you were testing a client against a server on a different
>> machine, right?

> Yeah, all failures were between separate machines with various
> versions of OpenSSL that I never thought to keep track of. After more
> Googling I've found that OS X "fixed" the renegotiation issue by
> disabling it in a security fix [1].

Yeah, I can reproduce the failure pretty quickly on my Mac laptop,
if I use SSL and reduce the ssl_renegotiation_limit setting to
100MB or so. The server's log looks a bit different from what you
showed:

LOG: SSL renegotiation failure
LOG: SSL renegotiation failure
LOG: SSL error: internal error
LOG: could not send data to client: Connection reset by peer
LOG: SSL error: internal error
LOG: could not receive data from client: Connection reset by peer
LOG: unexpected EOF on client connection

which confirms my thought that you were working with two different
openssl libraries, one of which was willing to do renegotiation
and the other not.

This machine is fully up-to-date, so Apple still hasn't fixed the
renegotiation problem beyond the brain-dead "fix" of aborting the
connection :-(. Get on the stick, Cupertino ... everybody else
had this fixed six months ago.

regards, tom lane