Re: BUG #12799: libpq - SSL pqsecure_read() doesn't clean openssl error queue before reading

From: Dave Vitek <dvitek(at)grammatech(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Geoghegan <pg(at)heroku(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #12799: libpq - SSL pqsecure_read() doesn't clean openssl error queue before reading
Date: 2016-02-18 22:58:32
Message-ID: 56C64C98.2010502@grammatech.com
Lists: pgsql-bugs

On 2/18/2016 5:38 PM, Tom Lane wrote:
> Dave Vitek <dvitek(at)grammatech(dot)com> writes:
>> Maintainers: Peter's patch is better than mine, at least for the front
>> end side. I also adjusted be-secure-openssl.c, which perhaps is not
>> necessary, but then again it's hard to be sure. It might be worth doing
>> a patch for be-secure-openssl.c in the spirit of what Peter did for the
>> frontend (sorry, not volunteering :).
> +1 for changing both sides. I'm fairly sure that you could provoke
> problems of this ilk in the backend too, for example if client connection
> is using SSL and we also establish an outgoing SSL connection using
> postgres_fdw or dblink.
>
> BTW, do we have a reproducible test case?
>
> regards, tom lane

I can reproduce it, but I don't have a self-contained unit test.

Such a test case might look like: call ERR_put_error with SSL_ERROR_SSL
and then cause libpq to invoke SSL_read. SSL_get_error after the read
will probably return SSL_ERROR_SSL even if the read goes fine, causing
postgres to conclude things have failed.
