From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
Cc: | Vaishnavi Prabakaran <vaishnaviprabakaran(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Error-like LOG when connecting with SSL for password authentication |
Date: | 2017-05-23 11:18:47 |
Message-ID: | CAB7nPqT+9L2HekPT8xeJH2Xv3zXogePMwtq=BqrQs8J-RPzpAg@mail.gmail.com |
Lists: | pgsql-hackers |

On Tue, May 23, 2017 at 6:36 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> On 05/22/2017 10:11 PM, Vaishnavi Prabakaran wrote:
>>
>> On Mon, May 22, 2017 at 5:10 PM, Michael Paquier
>> <michael(dot)paquier(at)gmail(dot)com>
>> wrote:
>>
>>> If the protocol version is SSL
>>> 3.0 or TLS 1.0, this result code is returned only if a closure alert
>>> has occurred in the protocol, i.e. if the connection has been closed
>>> cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does not
>>> necessarily indicate that the underlying transport has been closed.
>>
>>
>> I guess this error code exists even for the SSL2 protocol. In that case, don't
>> we need to keep the current code for this error code?
>
> If I understand correctly, with SSLv2, SSL_ERROR_ZERO_RETURN does mean that
> the underlying transport has been closed. Returning 0 seems appropriate in
> that case, too.

Am I reading the docs incorrectly then? I understand that with SSLv2
the transport may not be closed after SSL_ERROR_ZERO_RETURN.

> But the point is moot anyway, because PostgreSQL doesn't allow SSLv2
> anymore.

And SSL_OP_NO_SSLv2 is enforced anyway.

Side note: looking at the OpenSSL docs, I am just noticing that
SSLv23_method has been marked as deprecated in 1.1.0:
https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
And has been replaced by TLS_method. Something to keep in mind.
--
Michael