From: | Arne Scheffer <scheffa(at)uni-muenster(dot)de> |
---|---|
To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
Cc: | pilum(dot)70(at)uni-muenster(dot)de, Andres Freund <andres(at)2ndquadrant(dot)com>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #12769: SSL-Renegotiation failures |
Date: | 2015-02-15 16:34:50 |
Message-ID: | alpine.DEB.2.02.1502151701430.1932@zivarne |
Lists: | pgsql-bugs |
On the same machine (CentOS6)
Cloned from 9.5devel,
./configure --with-perl --with-openssl --with-python --with-tcl --with-pam --with-ldap --enable-thread-safety --enable-debug
make make install make clean
Repeated the procedure attached in the mail
Got a different error (also twice at expected renegotiation times):
< 2015-02-15 16:40:45.438 CET >LOG: SSL error: session id context uninitialized
< 2015-02-15 16:40:45.439 CET >LOG: could not receive data from client: Connection reset by peer
< 2015-02-15 16:40:45.439 CET >LOG: unexpected EOF on standby connection
Tried
git checkout -b ssl_patch
patch -p1 <../0001-Fix-sslv3-alert-unexpected-message-errors-in-SSL-ren.patch
(got applied on 2 files)
patch -p1 <../0002-Also-drain-input-buffer-in-non-blocking-mode-if-send.patch
(got applied on 1 file)
Repeated make make install make clean
Repeated the procedure attached in the mail.
(Both twice.)
Got the same errors.
Perhaps I did something wrong. Could you add a temporary debug line, so that I can
see that the patch is really applied in my environment?
Even tried 0003, but no change.
Patch expectedly doesn't apply on 9.3.6:
[root@zivwebapp13 postgresql-9.3.6patched]# patch -p1 <../0001-Fix-sslv3-alert-unexpected-message-errors-in-SSL-ren.patch
patching file src/interfaces/libpq/fe-misc.c
Hunk #1 succeeded at 919 (offset -1 lines).
can't find file to patch at input line 45
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
|index a32af34..93b8184 100644
|--- a/src/interfaces/libpq/fe-secure-openssl.c
|+++ b/src/interfaces/libpq/fe-secure-openssl.c
--------------------------
I would also test backpatched patch code once it's made.
Best regards
Arne
On Sat, 14 Feb 2015, Heikki Linnakangas wrote:
> On 02/13/2015 10:59 PM, Andres Freund wrote:
>> On 2015-02-13 18:52:02 +0000, pilum(dot)70(at)uni-muenster(dot)de wrote:
>>> I get ssl renegotiation failures with streaming standbys. Sometimes the
>>> connection breaks and is reconnected afterwards. However, if I use
>>> pg_basebackup (same libpq connection string), I don't get any of these
>>> failures, although the transferred data is far beyond 512 MB
>>> So I don't think it's the
>>> ssl renegotiation bug (openssl of a yum update patched centos6)
>>> If I disable ssl_renegotiation_limit to 0, there are no errors any more,
>>> but that is only a workaround, no solution.
>>
>> Heikki and I have recently investigated problems around SSL
>> renegotiation. See
>> http://www.postgresql.org/message-id/20150126101405.GA31719@awork2.anarazel.de
>> .
>
> I wasn't able to reproduce exactly the same error you saw, Arne, so it would
> be good if you could test the patches I've been developing, to see if they
> fix your problem too. That is, patches 0001 and 0002 from
> http://www.postgresql.org/message-id/54DE6FAF.6050005@vmware.com. Could you
> do that?
>
> - Heikki
>