Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux

From: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "'Piotr Gackiewicz *EXTERN*'" <gacek(at)intertele(dot)pl>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Re: pg_dump 8.4.9 failing after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux
Date: 2015-06-22 08:13:22
Message-ID: A737B7A37273E048B164557ADEF4A58B50F66FEF@ntex2010a.host.magwien.gv.at
Lists: pgsql-general

Piotr Gackiewicz wrote:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Douglas Stetner <stetner(at)icloud(dot)com> writes:
>>> Looking for confirmation there is an issue with pg_dump failing after
>>> upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux.
>>
>> Quick thought --- did you restart the Postgres service after upgrading
>> openssl? If not, your server is still using the old library version,
>> while pg_dump would be running the new version on the client side.
>> I don't know exactly what was done to openssl in the last round of
>> revisions, but maybe there is some sort of version compatibility issue.
>>
>> Also, you really ought to be running something newer than PG 8.4.9.

> I have the same problem with fresh postgresql 9.2.13.
> Started after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64
>
> Since then pg_dump aborts after dumping circa 2GB:
>
> pg_dump: [archiver (db)] query failed: SSL error: unexpected message
> pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor
>
> openssl-1.0.1e-30.el6_6.11.x86_64 on both ends (connecting via localhost)
>
> pg_dump via unix socket, without "-h localhost" - there is no problem.
>
> Fetching 2.5 GB of such text dump via https (apache + mod_ssl +
> openssl-1.0.1e-30.el6_6.11.x86_64) => wget +
> openssl-1.0.1e-30.el6_6.11.x86_64 - there is no problem
>
> Looks like postgresql+ssl issue.
>
> postgres=# select name,setting,unit from pg_settings where name ~ 'ssl' ;
>           name           |              setting              | unit
> -------------------------+-----------------------------------+------
>  ssl                     | on                                |
>  ssl_ca_file             |                                   |
>  ssl_cert_file           | server.crt                        |
>  ssl_ciphers             | ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH |
>  ssl_crl_file            |                                   |
>  ssl_key_file            | server.key                        |
>  ssl_renegotiation_limit | 524288                            | kB
>
>
> Any thoughts?

Maybe it has something to do with this OpenSSL bug:
http://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest

Basically, OpenSSL fails to handle application data messages during renegotiation.

I have only encountered that when using other SSL libraries together with
OpenSSL, but maybe it can also happen with only OpenSSL.

Just to make sure:
Do you have the same version of OpenSSL on both PostgreSQL client and server?

Yours,
Laurenz Albe
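
Added example, not part of the original message or of PostgreSQL's code: a Python triage helper that parses the pg_settings rows and pg_dump errors quoted above and estimates how many renegotiation thresholds the connection crossed before it failed. The 2 GiB figure stands in for the "circa 2GB" reported in the thread, and all function names are hypothetical.

```python
import re

# Constructed inputs, copied from the psql output and pg_dump errors quoted in the thread.
PG_SETTINGS = """\
> name | setting | unit
> -------------------------+-----------------------------------+------
> ssl | on |
> ssl_ciphers | ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH |
> ssl_renegotiation_limit | 524288 | kB
"""
PG_DUMP_STDERR = """\
pg_dump: [archiver (db)] query failed: SSL error: unexpected message
pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor
"""
UNIT_BYTES = {"": 1, "kB": 1024, "MB": 1024**2, "GB": 1024**3}

def parse_settings(text):
    """Parse 'name | setting | unit' rows (optionally '>'-quoted) into a dict."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.lstrip("> ").split("|")]
        # The header row and the dashed separator are skipped here.
        if len(cells) == 3 and re.fullmatch(r"[a-z_]+", cells[0]) and cells[0] != "name":
            rows[cells[0]] = (cells[1], cells[2])
    return rows

def renegotiation_limit_bytes(settings):
    """Threshold in bytes; 0 disables renegotiation (per the PostgreSQL docs)."""
    value, unit = settings.get("ssl_renegotiation_limit", ("0", ""))
    return int(value) * UNIT_BYTES[unit]

def triage(settings_text, stderr_text, bytes_before_failure):
    """Flag a failure that is consistent with an SSL renegotiation problem."""
    settings = parse_settings(settings_text)
    limit = renegotiation_limit_bytes(settings)
    ssl_on = settings.get("ssl", ("off", ""))[0] == "on"
    ssl_error = re.search(r"SSL error: (.+)", stderr_text)
    # Approximation: treats the dumped volume as the traffic counted against the limit.
    crossed = bytes_before_failure // limit if limit else 0
    return {
        "ssl_on": ssl_on,
        "limit_bytes": limit,
        "thresholds_crossed": crossed,
        "ssl_error": ssl_error.group(1) if ssl_error else None,
        "renegotiation_suspect": bool(ssl_on and crossed >= 1 and ssl_error),
    }

if __name__ == "__main__":
    print(triage(PG_SETTINGS, PG_DUMP_STDERR, 2 * 1024**3))
```

A positive result only says the failure is consistent with a renegotiation problem; the unix-socket run that succeeds in the thread is the control that bypasses SSL entirely.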
