| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: OpenSSL connection setup debug callback issue |
| Date: | 2021-01-21 08:01:15 |
| Message-ID: | YAk0yxiO834NYOCF@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Dec 10, 2020 at 02:43:33PM +0100, Daniel Gustafsson wrote:
> I went looking at the SSL connection state change information callback we
> install when setting up connections with OpenSSL, and I wasn't getting the
> state changes I expected. Turns out we install it at the tail end of setting
> up the connection so we miss most of the calls. Moving it to the beginning of
> be_tls_open_server allows us to catch the handshake etc. I also extended it by
> printing the human readable state change message available from OpenSSL to make
> the logs more detailed (SSL_state_string_long has existed since 0.9.8).
Looking at the docs, SSL_state_string_long() is better than just
SSL_state_string(), so that sounds right:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_info_callback.html
https://www.openssl.org/docs/manmaster/man3/SSL_state_string.html
https://www.openssl.org/docs/manmaster/man3/SSL_state_string_long.html
This is interesting for debugging, +1 for applying what you have
here, and this works for 1.0.1~3.0.0. Worth noting that this returns
a static string, as per ssl_stat.c.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2021-01-21 08:19:58 | Re: Wrong usage of RelationNeedsWAL |
| Previous Message | Peter Eisentraut | 2021-01-21 07:41:04 | Re: Add primary keys to system catalogs |