From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, byavuz81(at)gmail(dot)com, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org>, Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>, Michael Paquier <michael(at)paquier(dot)xyz> |
Subject: | Re: BUG #17391: While using --with-ssl=openssl and PG_TEST_EXTRA='ssl' options, SSL tests fail on OpenBSD 7.0 |
Date: | 2022-02-11 00:44:57 |
Message-ID: | 1952254.1644540297@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
I wrote:
> Just to note that I have a plan for fixing this part. I've concluded
> that it was a design error to implement the write_failed error
> postponement mechanism in pqSendSome, and instead we should shove it
> down a couple of abstraction layers into pqsecure_raw_write. This'd
> visibly have no effect on non-encrypted connections, because
> pqSendSome is the only caller of pqsecure_write. But in encrypted
> connections, we'd be additionally allowing write-failure postponement
> during OpenSSL's internal machinations, which seems to be exactly
> what's wanted now that we have seen this failure mode.
Here's a draft patch for that. It seems to fix the OpenBSD problem
reliably.
I'd originally thought that everything under pqsecure_write needed to be
converted to use the write_failed mechanism, which would have required
rather invasive changes in fe-secure-openssl.c and fe-secure-gssapi.c.
But now I think we can leave those modules alone, as long as the
bottom-level physical I/O uses write_failed. If we get some other
error out of the SSL/GSS layer, there's no harm in reporting it
right away instead of postponing it. This reflects the fact that
it's not that easy to tell whether an OpenSSL error ought to be
classified as "read" or "write", since both I/O directions might be
going on under the hood.
BTW, this also changes what is looking to me like a thinko in
my_sock_write(): if we get a zero result from pqsecure_raw_write(),
we should not be consulting errno, because it wouldn't have
been set. Am I missing something there?
Thoughts?
regards, tom lane
Attachment | Content-Type | Size |
---|---|---|
postpone-ssl-write-failures-too-1.patch | text/x-diff | 8.6 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2022-02-11 00:45:28 | Re: BUG #17384: ERROR: missing chunk number 0 for toast value 152073604 in pg_toast_2619 |
Previous Message | Andres Freund | 2022-02-11 00:32:52 | Re: BUG #17399: Dead tuple number stats not updated on long running queries |