Re: buildfarm server suddenly not talking to old SSL stacks?

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, PostgreSQL WWW <pgsql-www(at)lists(dot)postgresql(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>
Subject: Re: buildfarm server suddenly not talking to old SSL stacks?
Date: 2018-07-17 17:10:02
Message-ID: CABUevEw2cXe63_gHO=MqNjvxXph9bR6fuQEes634NXZN6c5+eQ@mail.gmail.com
Lists: pgsql-www

On Tue, Jul 17, 2018 at 7:04 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > On Tue, Jul 17, 2018 at 7:28 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >>> My buildfarm animals dromedary and prairiedog have been failing since
> >>> around 9AM EDT on Sunday. ... Have we done something recently to create
> >>> an incompatibility with old SSL stacks?
>
> > We also changed some of the server setup so there is now a haproxy that's
> > doing the SSL termination. So there is probably a slightly different
> > configuration of available SSL algorithms and such as well. It might be
> > either one of those two, both changes happened not too far apart on that
> > day.
>
> Hm. Closer investigation suggests that there's something else wrong.
> While, as I said, curl works for non-SSL connections:
>
> $ curl http://buildfarm.postgresql.org/branches_of_interest.txt
> REL9_3_STABLE
> REL9_4_STABLE
> REL9_5_STABLE
> REL9_6_STABLE
> REL_10_STABLE
> REL_11_STABLE
> HEAD
>
> doing the same thing the way the buildfarm script does it does not work:
>
> $ perl -MLWP::Simple -e 'LWP::Simple::getprint("http://buildfarm.postgresql.org/branches_of_interest.txt");'
> 500 Can't connect to buildfarm.postgresql.org:80 (No route to host) <URL:http://buildfarm.postgresql.org/branches_of_interest.txt>
>

OK, that's just weird. It's failing to connect on port *80* with a "No
route to host" error? That sounds more like it would be on a network layer?

I could understand many weird errors on it, but no route to host seems
extremely weird. Almost indicates it would be connecting to the wrong IP.

> That's on dromedary's host with perl 5.10.0. Even weirder, it
> *does* work on prairiedog's host with perl 5.8.3. I think that the
> latter installation is newer and hence may have newer copies of
> some CPAN-supplied modules, but I'm not sure how to debug further.
>
> Also, on prairiedog's host, this is what I get for the https case:
>
> $ perl -MLWP::Simple -MLWP::Protocol::https -e 'LWP::Simple::getprint("https://buildfarm.postgresql.org/branches_of_interest.txt");'
> 500 Can't connect to buildfarm.postgresql.org:443 <URL:https://buildfarm.postgresql.org/branches_of_interest.txt>
>
> which isn't terribly informative but it doesn't look like an SSL
> certificate failure.
>

That one I believe more in since it could be because of SSL issues. What do
you get with curl on that one?

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
