Re: SSL connections don't cope with server crash very well at all

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: SSL connections don't cope with server crash very well at all
Date: 2008-01-28 08:55:58
Message-ID: 20080128085558.GC26468@svr2.hagander.net
Lists: pgsql-hackers

On Sun, Jan 27, 2008 at 08:09:10PM -0500, Tom Lane wrote:
> If you do a manual "kill -9" (for testing purposes) on its connected
> server process, psql normally recovers nicely:
>
> regression=# select 1;
> ?column?
> ----------
> 1
> (1 row)
>
> -- issue kill here in another window
> regression=# select 1;
> server closed the connection unexpectedly
> This probably means the server terminated abnormally
> before or while processing the request.
> The connection to the server was lost. Attempting reset: Succeeded.
> regression=#
>
> But try it with an SSL-enabled connection, and psql just dies rudely.
> Investigation shows that it's being killed by SIGPIPE while attempting
> to clean up the failed connection:
>
> Program received signal SIGPIPE, Broken pipe.
> 0x00000030f7ec6e80 in __write_nocancel () from /lib64/libc.so.6
> (gdb) bt
> #0 0x00000030f7ec6e80 in __write_nocancel () from /lib64/libc.so.6
> #1 0x0000003102497a27 in rl_filename_completion_function ()
> from /lib64/libcrypto.so.6
> #2 0x0000003102495e5e in BIO_write () from /lib64/libcrypto.so.6
> #3 0x0000003877a1f449 in ssl3_write_pending () from /lib64/libssl.so.6
> #4 0x0000003877a1f8b6 in ssl3_dispatch_alert () from /lib64/libssl.so.6
> #5 0x0000003877a1d602 in ssl3_shutdown () from /lib64/libssl.so.6
> #6 0x00002aaaaaac2675 in close_SSL (conn=0x642d60) at fe-secure.c:1095
> #7 0x00002aaaaaabb483 in pqReadData (conn=0x642d60) at fe-misc.c:719
> #8 0x00002aaaaaaba9b8 in PQgetResult (conn=0x642d60) at fe-exec.c:1223
> #9 0x00002aaaaaabaa8e in PQexecFinish (conn=0x642d60) at fe-exec.c:1452
> #10 0x00000000004075b7 in SendQuery (query=<value optimized out>)
> at common.c:853
> #11 0x0000000000409cf3 in MainLoop (source=0x30f8151680) at mainloop.c:225
> #12 0x000000000040c3dc in main (argc=<value optimized out>, argv=0x100)
> at startup.c:352
>
> Apparently we need to do the SIGPIPE disable/enable dance around
> SSL_shutdown() as well as SSL_write(). I wonder whether we don't need
> it around SSL_read() as well --- I seem to recall that OpenSSL might
> either read or write the socket within SSL_read(), due to various corner
> cases in the SSL protocol.
>
> Comments?

Yes, AFAIK it can end up doing writes - for example if it has to
re-negotiate the encryption key.

So yes, I think we need it around both.

//Magnus
