Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux

From: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "'Douglas Stetner *EXTERN*'" <stetner(at)stetner(dot)org>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux
Date: 2015-06-17 07:17:41
Message-ID: A737B7A37273E048B164557ADEF4A58B50F6511D@ntex2010a.host.magwien.gv.at
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Douglas Stetner wrote:
> Looking for confirmation there is an issue with pg_dump failing after upgrade to openssl-1.0.1e-
> 30.el6_6.11.x86_64 on redhat linux.
>
> -bash-4.1$ pg_dump -V
> pg_dump (PostgreSQL) 8.4.9
>
> -bash-4.1$ pg_dump -h localhost -C Hogwarts -a -t mafs -f zz
> pg_dump: Dumping the contents of table "mafs" failed: PQgetCopyData() failed.
> pg_dump: Error message from server: SSL error: unexpected message
> pg_dump: The command was: COPY public.mafs (hugo_symbol,
> ...
> ...
> analysis_id) TO stdout;
>
>
> This is only happening on 2 tables in this database. The same database can be backed up with
> pgAdmin3.app remotely from a Mac
>
> As stated I am fairly sure the cause was the upgrade of openssl as it started to fail the next day:
> Jun 16 05:18:25 qcmg-database1 yum[2965]: Updated: openssl-1.0.1e-30.el6_6.11.x86_64

This looks like a renegotiation problem.

Could you run the following two statements in a psql session:
SET ssl_renegotiation_limit='3kB';
SELECT repeat('0123456789', 900)";
and see if it triggers the problem?

If you set "ssl_renegotiation_limit" to 0, either on the server on using the PGOPTIONS
environment variable on the client side, does the problem go away?

Since you upgraded OpenSSL on one end (you didn't tell us on which), maybe the
problem is the age of the OpenSSL library on the other side ---
if one side follows RFC 5746 and the other doesn't (because it is pre-2010)
you can end up with problems like that.

If my guess is correct, the solution would be to upgrade OpenSSL on the other end too.

And while you are at it, upgrade to PostgreSQL 9.4 if your data are important for you.

Yours,
Laurenz Albe

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Xavier 12 2015-06-17 07:20:37 Re: pg_xlog on a hot_stanby slave
Previous Message CPT 2015-06-17 05:58:21 Feature Request: bigtsvector