From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
Cc: | "'Piotr Gackiewicz *EXTERN*'" <gacek(at)intertele(dot)pl>, stetner(at)icloud(dot)com, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux |
Date: | 2015-06-22 15:45:15 |
Message-ID: | 4030.1434987915@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
> Piotr Gackiewicz wrote:
>>> Douglas Stetner <stetner(at)icloud(dot)com> writes:
>>>> Looking for confirmation there is an issue with pg_dumpfailing after
>>>> upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux.
>> I have the same problem with fresh postgresql 9.2.13.
>> Started after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64
>>
>> Since then pg_dump aborts after dumping circa 2GB:
>> pg_dump: [archiver (db)] query failed: SSL error: unexpected message
>> pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor
I've been able to reproduce this failure with Postgres HEAD, so whatever
it is, it's pretty much independent of our code version. It was fine with
openssl-1.0.1e-30.el6_6.9.x86_64
but after updating to
openssl-1.0.1e-30.el6_6.11.x86_64
pg_dump fails after about 2GB worth of data transfer.
I find that setting ssl_renegotiation_limit to 0 in postgresql.conf allows
things to work, so it's got something to do with bad renegotiation. But
curiously, the amount of data dumped before failing is the same whether
ssl_renegotiation_limit is 512MB (the default) or something much smaller
such as 10MB. In either case we should have successfully completed
several renegotiations before the failure, so I don't think it's solely
a matter of "renegotiation is busted".
> Maybe it has something to do with this OpenSSL bug:
> http://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest
That link doesn't work for me :-(
I'm going to file this as a bug with Red Hat. In the meantime it looks
like we can suggest ssl_renegotiation_limit = 0 as a temporary workaround.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Rick Otten | 2015-06-22 16:04:31 | foreign keys to foreign tables |
Previous Message | Leif Gunnar Erlandsen | 2015-06-22 13:32:23 | cascading replication and replication slots. |