From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Add hints about protocol-version-related SSL connection failures |
Date: | 2020-06-27 16:48:12 |
Message-ID: | E1jpDzw-0008LH-JY@gemulon.postgresql.org |
Lists: | pgsql-committers |

Add hints about protocol-version-related SSL connection failures.

OpenSSL's native reports about problems related to protocol version
restrictions are pretty opaque and inconsistent. When we get an
SSL error that is plausibly due to this, emit a hint message that
includes the range of SSL protocol versions we (think we) are
allowing. This should at least get the user thinking in the right
direction to resolve the problem, even if the hint isn't totally
accurate, which it might not be for assorted reasons.

Back-patch to v13 where we increased the default minimum protocol
version, thereby increasing the risk of this class of failure.

Patch by me, reviewed by Daniel Gustafsson

Discussion: https://postgr.es/m/a9408304-4381-a5af-d259-e55d349ae4ce@2ndquadrant.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/b63dd3d88f479947ef7fb7cbf5db27de66ae0654

Modified Files
--------------
src/backend/libpq/be-secure-openssl.c | 67 +++++++++++++++++++++++++++++++-
src/include/common/openssl.h | 23 ++++++++++-
src/interfaces/libpq/fe-secure-openssl.c | 39 +++++++++++++++++++
3 files changed, 127 insertions(+), 2 deletions(-)