From: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Kevin Burke <kevin(at)burke(dot)dev>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "hlinnaka(at)iki(dot)fi" <hlinnaka(at)iki(dot)fi>, "andrew(dot)dunstan(at)2ndquadrant(dot)com" <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "rachelmheaton(at)gmail(dot)com" <rachelmheaton(at)gmail(dot)com>, "thomas(dot)munro(at)gmail(dot)com" <thomas(dot)munro(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de> |
Subject: | Re: Support for NSS as a libpq TLS backend |
Date: | 2021-11-24 13:49:10 |
Message-ID: | CAGB+Vh4e1TK-xRmzAPA8E=qWh8OMfN++8ed-iVG6Zq66gtpFpg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Nov 24, 2021 at 8:46 AM Joshua Brindle
<joshua(dot)brindle(at)crunchydata(dot)com> wrote:
>
> On Wed, Nov 24, 2021 at 6:59 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> >
> > > On 23 Nov 2021, at 23:39, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> wrote:
> >
> > > It no longer happens with v49, since it was a null deref of the pr_fd
> > > which no longer happens.
> > >
> > > I'll continue testing now, so far it's looking better.
> >
> > Great, thanks for confirming. I'm still keen on knowing how you triggered the
> > segfault so I can ensure there are no further bugs around there.
> >
>
> It happened when I ran psql with hostssl on the server but before I'd
> initialized my client certificate store.
I don't know enough about NSS to know if this is problematic or not
but if I try verify-full without having the root CA in the certificate
store I get:
$ /usr/pgsql-15/bin/psql "host=localhost sslmode=verify-full user=postgres"
psql: error: SSL error: Issuer certificate is invalid.
unable to shut down NSS context: NSS could not shutdown. Objects are
still in use.
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2021-11-24 13:49:15 | Re: Rename dead_tuples to dead_items in vacuumlazy.c |
Previous Message | Joshua Brindle | 2021-11-24 13:46:35 | Re: Support for NSS as a libpq TLS backend |