| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | SSL-mode error reporting in libpq |
| Date: | 2011-07-24 18:48:31 |
| Message-ID: | 1743.1311533311@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
In testing the fix for the SSL problem that Martin Pihlak reported, I
realized that libpq doesn't really cope very well with errors reported
by OpenSSL. In the case at hand, SSL_write returns an SSL_ERROR_SSL
code, which pqsecure_write quite reasonably handles by putting
"SSL error: bad write retry" into conn->errorMessage. However, it
then sets errno = ECONNRESET, which causes its caller pqSendSome()
to overwrite that potentially-useful message with an outright lie:
"server closed the connection unexpectedly".
I think what we ought to do is adjust the code so that in SSL mode,
pqsecure_write is responsible for constructing all error messages and
pqSendSome should just leave conn->errorMessage alone.
We could perhaps go a bit further and make pqsecure_write responsible
for the error message in non-SSL mode too, but it looks to me like
pqSendSome has to have a switch on the errno anyway to decide whether to
keep trying or not, so moving that responsibility would just lead to
duplicative coding.
Any objections?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-07-24 20:33:40 | Re: libpq SSL with non-blocking sockets |
| Previous Message | Tim | 2011-07-24 18:48:08 | vacuumlo patch |