| From: | Nikolai Zhubr <n-a-zhubr(at)yandex(dot)ru> |
|---|---|
| To: | undisclosed-recipients:; |
| Cc: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Nonblocking libpq + openssl = ? |
| Date: | 2016-09-17 00:12:53 |
| Message-ID: | 57DC8A85.3040407@yandex.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
17.09.2016 2:05, Andres Freund:
[...]
> Well, it's not pretty. I quite dislike this bit, and I've complained
> about it before. But it is noteworthy that it's nearly impossible to
> hit these days, due to ssl-renegotiation support having been ripped out.
> That's what could trigger openssl to require writes upon reads.
Looks like it _usually_ happens so that such interdependent reads and
writes are unnecessary in the absence of renegotiations. But still [1]
instructs to always check for both SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE in all cases. Supposedly it is for a reason. The
way it is implemented in fe-secure-openssl.c looks just somewhat unfinished.
I'm wondering is there really something that prevents doing it properly?
[1] https://www.openssl.org/docs/manmaster/ssl/SSL_get_error.html
Thank you,
Regards,
Nikolai
>
> Greetings,
>
> Andres Freund
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2016-09-17 00:27:51 | Re: Nonblocking libpq + openssl = ? |
| Previous Message | Andres Freund | 2016-09-16 23:05:07 | Re: Nonblocking libpq + openssl = ? |