From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> |
Cc: | Kevin Burke <kevin(at)burke(dot)dev>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "rachelmheaton(at)gmail(dot)com" <rachelmheaton(at)gmail(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de> |
Subject: | Re: Support for NSS as a libpq TLS backend |
Date: | 2021-11-23 14:12:45 |
Message-ID: | 3EEE302A-62CF-4B74-A120-DE0E9699094D@yesql.se |
Lists: | pgsql-hackers |
> On 17 Nov 2021, at 19:42, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> wrote:
> On Tue, Nov 16, 2021 at 1:26 PM Joshua Brindle
> <joshua(dot)brindle(at)crunchydata(dot)com> wrote:

>> I think there is a typo in the docs here that prevents them from
>> building (this diff seems to fix it):

Ah yes, thanks, I had noticed that one but forgot to send out a new version to
make the CFBot green.

> After a bit more testing, the server is up and running with an nss
> database but before configuring the client database I tried connecting
> and got a segfault:

Interesting. I'm unable to reproduce this crash, can you show the sequence of
commands which led to this?

> It looks like the ssl connection falls through to attempt a non-ssl
> connection but at some point conn->ssl_in_use gets set to true,
> despite pr_fd and nss_context being null.

pgtls_close missed setting ssl_in_use to false, fixed in the attached. I've
also added some assertions to the connection setup for debugging this.

> This patch fixes the segfault but I suspect is not the correct fix,
> due to the error when connecting saying "Success":

Right, without an SSL enabled FD we should never get here.

--
Daniel Gustafsson https://vmware.com/

Attachment | Content-Type | Size |
---|---|---|
v49-0001-nss-Support-libnss-as-TLS-library-in-libpq.patch | application/octet-stream | 103.1 KB |
v49-0002-Refactor-SSL-testharness-for-multiple-library.patch | application/octet-stream | 11.6 KB |
v49-0003-nss-Add-NSS-specific-tests.patch | application/octet-stream | 59.0 KB |
v49-0004-test-check-for-empty-stderr-during-connect_ok.patch | application/octet-stream | 3.7 KB |
v49-0005-nss-pg_strong_random-support.patch | application/octet-stream | 2.0 KB |
v49-0006-nss-Documentation.patch | application/octet-stream | 35.6 KB |
v49-0007-nss-Support-NSS-in-pgcrypto.patch | application/octet-stream | 79.8 KB |
v49-0008-nss-Support-NSS-in-sslinfo.patch | application/octet-stream | 3.6 KB |
v49-0009-nss-Support-NSS-in-cryptohash.patch | application/octet-stream | 6.1 KB |
v49-0010-nss-Build-infrastructure.patch | application/octet-stream | 24.4 KB |
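
A simplified model of the stale-flag state discussed in this message, added here as an illustration and not taken from the attached patches or from libpq: a close routine that releases the TLS handles but leaves the "in use" flag set, next to one that resets it. Only `ssl_in_use`, `pr_fd` and `nss_context` are names from the thread; the struct, the functions and the enum are hypothetical, and the model assumes the handles were set during the TLS attempt.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the client connection state, not libpq's PGconn.
 * Only the three fields named in the thread are modelled. */
typedef struct {
    bool  ssl_in_use;
    void *pr_fd;        /* TLS descriptor, NULL when there is no session */
    void *nss_context;  /* library context, NULL when there is no session */
} model_conn;

typedef enum { IO_PLAIN, IO_TLS, IO_INCONSISTENT } io_path;

static int dummy_fd, dummy_ctx;  /* constructed objects for the handles */

/* Invariant: the flag may only be set while both handles exist. */
bool state_consistent(const model_conn *c) {
    return !c->ssl_in_use || (c->pr_fd != NULL && c->nss_context != NULL);
}

void model_open(model_conn *c) {
    c->pr_fd = &dummy_fd; c->nss_context = &dummy_ctx; c->ssl_in_use = true;
}

/* Close that releases the handles but leaves the flag stale. */
void model_close_stale(model_conn *c) { c->pr_fd = NULL; c->nss_context = NULL; }

/* Close that also resets the flag. */
void model_close_reset(model_conn *c) { model_close_stale(c); c->ssl_in_use = false; }

/* Path the next read would take. Real code on the TLS path with NULL handles
 * would dereference NULL; the model reports that state instead. */
io_path select_io(const model_conn *c) {
    if (!c->ssl_in_use) return IO_PLAIN;
    return state_consistent(c) ? IO_TLS : IO_INCONSISTENT;
}

/* TLS attempt is torn down, then the connection is retried without TLS. */
io_path fallback_after_close(void (*close_fn)(model_conn *)) {
    model_conn c = { false, NULL, NULL };
    model_open(&c);
    close_fn(&c);
    return select_io(&c);
}

int main(void) {
    printf("stale flag: %d\n", fallback_after_close(model_close_stale));
    printf("reset flag: %d\n", fallback_after_close(model_close_reset));
}
```

Checking `state_consistent()` with an assertion at connection setup turns the stale flag into an immediate, attributable failure rather than a crash in a later read.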