Re: [BUGS] Bug #838: SSL problems in 7.3

Mon, 09 Dec 2002 22:01:34 -0800 

>  tested it with openssl 0.9.6e and it worked on BSD/OS 4.2. The author
> is only involved intermittently. I worked with him to get it
> working on
> 7.3.  It is certainly possible there are other bugs in there.

Slow night so I learned a little about SSL and figured this out. The
following patch does two things.

First it switches the ssl method back to SSLv23 so pre-7.3 SSL clients
will work with new databases. I made the switch in both the client and
the server, but the server change is all you really need. The second is
to ignore the SSL syscall error when n is 0 since that means EOF.

This fixes both of my problems, hope it works for everyone else too.

        --Nate

diff -ur postgresql-7.3/src/backend/libpq/be-secure.c
postgresql-7.3.patched/src/backend/libpq/be-secure.c
--- postgresql-7.3/src/backend/libpq/be-secure.c Thu Nov 7 12:47:08 2002
+++ postgresql-7.3.patched/src/backend/libpq/be-secure.c Mon Dec 9
23:47:45 2002
@@ -288,7 +288,8 @@
                        case SSL_ERROR_WANT_READ:
                                break;
                        case SSL_ERROR_SYSCALL:
-                               elog(ERROR, "SSL SYSCALL error: %s",
                                strerror(errno));
+                               if (n == -1)
+                                   elog(ERROR, "SSL SYSCALL error: %s",
                                    strerror(errno));
                                break;
                        case SSL_ERROR_SSL:
                                elog(ERROR, "SSL error: %s",
                                SSLerrmessage());
@@ -585,7 +586,7 @@
        {
                SSL_library_init();
                SSL_load_error_strings();
-               SSL_context = SSL_CTX_new(TLSv1_method());
+               SSL_context = SSL_CTX_new(SSLv23_method());
                if (!SSL_context)
                {
                        postmaster_error("failed to create SSL
                        context: %s",
diff -ur postgresql-7.3/src/interfaces/libpq/fe-secure.c
postgresql-7.3.patched/src/interfaces/libpq/fe-secure.c
--- postgresql-7.3/src/interfaces/libpq/fe-secure.c Thu Nov 7
12:47:08 2002
+++ postgresql-7.3.patched/src/interfaces/libpq/fe-secure.c Mon Dec 9
23:42:40 2002
@@ -712,7 +712,7 @@
        {
                SSL_library_init();
                SSL_load_error_strings();
-               SSL_context = SSL_CTX_new(TLSv1_method());
+               SSL_context = SSL_CTX_new(SSLv23_method());
                if (!SSL_context)
                {
                        printfPQExpBuffer(&conn->errorMessage,
Only in postgresql-7.3.patched/src/interfaces/libpq: fe-secure.c~

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly

Reply via email to