Tom Lane wrote: > raf <r...@raf.org> writes: > > i'm having a little openssl problem with pg_dump over a wireless > > lan with postgres-8.4SS (on linux) from enterprisedb and > > a macosx-10.6 client. > > > when i run pg_dump from a wired linux client it's always fine > > but since i switched from a macosx-10.4 laptop to a > > macosx-10.6 laptop, every time i run pg_dump from the laptop > > over the wireless lan, it's fine for a few minutes and then, > > 26% of the way in, it stalls and never completes. > > What this sounds like is you've got an openssl library with deliberately > broken renegotiate behavior. Google for CVE-2009-3555 to learn > something about why that might be. > > Assuming that "8.4SS" actually means 8.4.3 or later, you can work around > this by setting ssl_renegotiation_limit to zero in the server. But it'd > be better to get a copy of libssl with an actual fix, rather than a > braindead kluge, for the CVE problem.
the latest enterprisedb standard server is only 8.4.1 (New! 13-Oct-09) :-) > I'm not real sure which of the two ssl libraries you've got is at fault > (they might both be :-() both sides are using 0.9.7 so they're both vulnerable. i can probably replace the server's copy of libssl with a more recent version. the client end is a bit trickier. it's using a system libssl but both 0.9.7 and 0.9.8 are present in the same directory and it's using 0.9.7. no, removing 0.9.7 or overwriting it with 0.9.8 doesn't work. i didn't think it would. :) i think i'll have to switch from enterprisedb's standard server to the core distribution to get the latest version which hopefully uses the more recent libssl. many thanks. > regards, tom lane cheers, raf -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
