Re: Recent vendor SSL renegotiation patches break PostgreSQL

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Chris Campbell <chris_campbell(at)mac(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date: 2010-02-22 17:32:47
Message-ID: b2afe6b54749d1bacd9fba683a1c1df1@commandprompt.com
Lists: pgsql-hackers

On Mon, 22 Feb 2010 12:25:08 -0500, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> 2010/2/22 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>>> Red Hat's already shipping the patch.  Dunno about other vendors.
>
>> Which patch? The one that breaks it, or the one that changes the
>> protocol?
>
> The one with the protocol change.
>
> I think we already missed the window where it would have been sensible
> to install a hack workaround for this. If we'd done that in November
> it might have been reasonable, but by now it's too late for any hack
> we install to spread much faster than fixed openssl libraries.

Perhaps I am missing something here but as it is not our bug but is a
known bug, why can't we just say:

ERROR: SSL FATAL: Renegotiation failed. Check OpenSSL bug list

Yes the wording is miserable, change it but the point I think is clear.

I think it is completely reasonable to have warnings or errors that point
to other areas. If nothing else when it comes to our list we can say, "What
is the error message you get" and then we say,
"Did you check the OpenSSL bug list?".

I have to do similar things with PITRTools because of various unknown but
possibly successful states (like files changing underneath rsync).

Joshua D. Drake

--
PostgreSQL - XMPP: jdrake(at)jabber(dot)postgresql(dot)org
Consulting, Development, Support, Training
503-667-4564 - http://www.commandprompt.com/
The PostgreSQL Company, serving since 1997
