Re: libpq's multi-threaded SSL callback handling is busted

From: Jan Urbański <wulczer(at)wulczer(dot)org>
To: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: libpq's multi-threaded SSL callback handling is busted
Date: 2015-02-11 17:20:08
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Jan Urbański writes:

> I did some more digging on bug
> which describes a deadlock when using libpq with SSL in a multi-threaded
> environment with other threads doing SSL independently.
> [reproducing instructions]
> I posit we should remove all CRYPTO_set_*_callback functions and associated
> cruft from libpq.
> I could submit a patch to get rid of the crazy CRYPTO_*_callback dance in
> libpq, but at the very least this will require a warning in the release notes

Attached is a patch doing just that.

> I would very much like to have this change back-patched, since setting and
> resetting the callback makes using libpq in a threaded OpenSSL-enabled app
> arguably less safe than if it didn't use any locking.

Also attached is a patch for 9.4 and all previous supported releases, which is
the same thing, but adjusted for when we didn't have a separate fe-secure.c and

If committed, this change will warrant a notice in the release notes. I could
try drafting it, if that'd be helpful.


Attachment Content-Type Size
remove-libpq-crypto-callbacks.patch text/x-diff 7.9 KB
remove-libpq-crypto-callbacks-9.4.patch text/x-diff 8.9 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Thom Brown 2015-02-11 17:55:57 Standby receiving part of missing WAL segment
Previous Message Stephen Frost 2015-02-11 17:17:23 Re: reducing our reliance on MD5