From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
---|---|
To: | Arne Scheffer <scheffa(at)uni-muenster(dot)de> |
Cc: | <pilum(dot)70(at)uni-muenster(dot)de>, Andres Freund <andres(at)2ndquadrant(dot)com>, <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #12769: SSL-Renegotiation failures |
Date: | 2015-02-19 18:52:34 |
Message-ID: | 54E630F2.1040500@vmware.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On 02/19/2015 05:06 PM, Arne Scheffer wrote:
> Retried my test suite after commit
>
> 1c2b7c0879d83ff79e4adf2c0a883df92b713da4 Restore the SSL_set_session_id_context() call to OpenSS...
>
> Cloned again from 9.5devel master.
> Now the two patches work as expected (Means: errors without patch, no errors
> with patch (I can't see, whether the code is really performing renegotiation)).
> That seems promising.
>
> As already mentioned:
> I would also test the two patches for 9.3
> in a production near environment to prove them fixing the reported Bug.
> If that isn't desired,
> I will clone them from REL9_3_STABLE branch once they are committed.
Thanks, and sorry for not responding sooner. I investigated this on
Tuesday, and committed that fix. I was able to reproduce the problem you
saw on a Centos 6 VM, and also concluded that it now works on master
with those two patches applied. I tried backpatching them to 9.4, but I
still saw some errors on 9.4 even with the patches. I ran out of time to
dig deepeer, but it seems that some of the other changes done in master
are needed to fully fix this. There has been a lot of changes between
9.4 and master, and some changes between 9.3 and 9.4 as well, so it's
probably going to take some time to come up with correct fixes for all
the back-branches.
- Heikki
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2015-02-20 01:01:26 | Re: BUG #12788: host / peer auth works after pg_ctl reload, then blocks server startup |
Previous Message | dannyman | 2015-02-19 17:44:14 | BUG #12788: host / peer auth works after pg_ctl reload, then blocks server startup |