| From: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rare SSL failures on eelpout |
| Date: | 2019-03-05 18:59:25 |
| Message-ID: | CA+hUKGK9LARF-XF3g1Pxx3oEQawXXeLa+uAXF9NMjaYv+=73Jw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Mar 6, 2019 at 7:05 AM Thomas Munro <thomas(dot)munro(at)gmail(dot)com> wrote:
> On Wed, Mar 6, 2019 at 6:07 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Annoying. I'd be happier about writing code to fix this if I could
> > reproduce it :-(
>
> Hmm. Note that eelpout only started doing it with OpenSSL 1.1.1.
Bleugh. I think this OpenSSL package might just be buggy on ARM. On
x86, apparently the same version of OpenSSL and all other details of
the test the same, I can see that SSL_connect() returns <= 0
(failure), and then we ask for that cert revoked message directly and
never even reach the startup packet sending code. On ARM,
SSL_connect() returns 1 (success) and then we proceed as discussed and
eventually get the error later (or not). So I think I should figure
out a minimal repro and report this to them.
--
Thomas Munro
https://enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | legrand legrand | 2019-03-05 19:13:09 | Re: any plan to support shared servers like Oracle in PG? |
| Previous Message | Bossart, Nathan | 2019-03-05 18:49:56 | Re: New vacuum option to do only freezing |