From: | Lars Kanis <kanis(at)comcard(dot)de> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Date: | 2009-06-22 14:47:48 |
Message-ID: | 200906221648.00617.kanis@comcard.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Am Montag, 22. Juni 2009 15:55:58 schrieben Sie:
> Lars Kanis wrote:
> >> Should we not also call ENGINE_finish() and ENGINE_free() in the success
> >> path of this code? Your patch adds it to the case where we didn't get
> >> the private key, but what if we did? I assume they should also go
> >> outside the error path, per the attached patch - or will that break
> >> their usage?
> >
> > That's right. I thought about it, but I don't know where the right place
> > is.
> >
> >> Can you test that and verify that it doesn't break for you?
> >
> > It breaks with Segmentation fault in my smartcard-based setup. The
> > pkey-handle is all we have from the engine, when client_cert_cb() is
> > finished. Obviously the ref-counting of openssl does not take the
> > pkey-handle into account, so we need to keep the engine_ptr for later
> > freeing.
>
> So we need to keep the engine initialized during this time? Ugh. We
> don't currently carry around the engine pointer. I guess we have to.
>
> > close_SSL() should be the right place for ENGINE_finish() and
> > ENGINE_free() ?
>
> Yup.
>
> How about the attached patch? Does it work for you?
Yes, it works perfect. Now, if I close the connection, the engine is closed
too, so I have to type the PIN another time for a next connection. That
should be the correct behaviour.
>
> A question from that then, for others, is it Ok to add a field to the
> PGconn structure during RC? :-) It's only in libpq-int.h, but? Comments?
> Tom, perhaps?
From | Date | Subject | |
---|---|---|---|
Next Message | Lars Kanis | 2009-06-22 15:03:54 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |
Previous Message | Magnus Hagander | 2009-06-22 14:38:32 | Re: BUG #4869: No proper initialization of OpenSSL-Engine in libpq |