From 6976d15a4be50276ea2f77fd5c37d238493f9447 Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Tue, 15 Jun 2021 10:01:14 -0700 Subject: [PATCH 1/3] nss: don't ignore failures during context shutdown The biggest culprit of a shutdown failure so far seems to be object leaks. A failure here may prevent future contexts from being created (and they'll fail in confusing ways), so don't ignore it. There's not a great way to signal errors from this layer of the stack, but a notice will at least give us a chance of seeing the problem. --- src/interfaces/libpq/fe-secure-nss.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/interfaces/libpq/fe-secure-nss.c b/src/interfaces/libpq/fe-secure-nss.c index 1b9bd4f1a5..90f57e0d99 100644 --- a/src/interfaces/libpq/fe-secure-nss.c +++ b/src/interfaces/libpq/fe-secure-nss.c @@ -139,7 +139,16 @@ pgtls_close(PGconn *conn) { if (conn->nss_context) { - NSS_ShutdownContext(conn->nss_context); + SECStatus status; + status = NSS_ShutdownContext(conn->nss_context); + + if (status != SECSuccess) + { + pqInternalNotice(&conn->noticeHooks, + "unable to shut down NSS context: %s", + pg_SSLerrmessage(PR_GetError())); + } + conn->nss_context = NULL; } } -- 2.25.1