Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux

Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
> Piotr Gackiewicz wrote:
>>> Douglas Stetner <stetner(at)icloud(dot)com> writes:
>>>> Looking for confirmation there is an issue with pg_dumpfailing after
>>>> upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux.

>> I have the same problem with fresh postgresql 9.2.13.
>> Started after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64
>>
>> Since then pg_dump aborts after dumping circa 2GB:
>> pg_dump: [archiver (db)] query failed: SSL error: unexpected message
>> pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor

I've been able to reproduce this failure with Postgres HEAD, so whatever
it is, it's pretty much independent of our code version. It was fine with
openssl-1.0.1e-30.el6_6.9.x86_64
but after updating to
openssl-1.0.1e-30.el6_6.11.x86_64
pg_dump fails after about 2GB worth of data transfer.

I find that setting ssl_renegotiation_limit to 0 in postgresql.conf allows
things to work, so it's got something to do with bad renegotiation. But
curiously, the amount of data dumped before failing is the same whether
ssl_renegotiation_limit is 512MB (the default) or something much smaller
such as 10MB. In either case we should have successfully completed
several renegotiations before the failure, so I don't think it's solely
a matter of "renegotiation is busted".

> Maybe it has something to do with this OpenSSL bug:
> http://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest

That link doesn't work for me :-(

I'm going to file this as a bug with Red Hat. In the meantime it looks
like we can suggest ssl_renegotiation_limit = 0 as a temporary workaround.

regards, tom lane