| From: | Dave Vitek <dvitek(at)grammatech(dot)com> |
|---|---|
| To: | Peter Geoghegan <pg(at)heroku(dot)com> |
| Cc: | pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #12799: libpq - SSL pqsecure_read() doesn't clean openssl error queue before reading |
| Date: | 2016-02-18 22:33:19 |
| Message-ID: | 56C646AF.5010805@grammatech.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 2/18/2016 5:16 PM, Peter Geoghegan wrote:
> On Thu, Feb 18, 2016 at 2:11 PM, Dave Vitek <dvitek(at)grammatech(dot)com> wrote:
>> We independently ran into this, diagnosed it, and fixed it. Here is the
>> complete patch covering every use of SSL_get_error.
> I posted a patch for this issue independently, and quite recently:
>
> https://commitfest.postgresql.org/9/520/
>
> Do you happen to have any idea why there has been an uptick in problem
> reports about this recently, despite the fact that it's been an issue
> for a while (that's been the case within Heroku, at least)? Are you
> aware that there is some specific trend behind that?
>
I can only speak for my case. postgres is part of our CodeSonar
product, and we are adding an option to have it use TLS sockets to talk
to postgres.
Maintainers: Peter's patch is better than mine, at least for the front
end side. I also adjusted be-secure-openssl.c, which perhaps is not
necessary, but then again it's hard to be sure. It might be worth doing
a patch for be-secure-openssl.c in the spirit of what Peter did for the
frontend (sorry, not volunteering :).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-02-18 22:38:37 | Re: BUG #12799: libpq - SSL pqsecure_read() doesn't clean openssl error queue before reading |
| Previous Message | Peter Geoghegan | 2016-02-18 22:16:05 | Re: BUG #12799: libpq - SSL pqsecure_read() doesn't clean openssl error queue before reading |