Hi, On 2023-12-08 19:39:20 -0500, Tom Lane wrote: > Andres Freund <and...@anarazel.de> writes: > > On 2023-12-08 17:29:45 -0500, Tom Lane wrote: > >> Agreed. I think we want to do that after the initial handshake, > >> too, so maybe as attached. > > > I was wondering about that too. But if we do so, why not also do it for > > writes? > > Writes don't act that way, do they? EOF on a pipe gives you an error, > not silently reporting that zero bytes were written and leaving you > to retry indefinitely.
Err, yes. /me looks for a brown paper bag. > What I was wondering about was if we needed similar changes on the > libpq side, but it's still about reads not writes. Perhaps. It's probably harder to reach in practice. But there seems little reason to have a plausible codepath emitting "SSL SYSCALL error: Success", so instead mapping errno == 0 to "EOF detected" pgtls_read() and open_client_SSL() makes sense to me. I wish there were an easy userspace solution to simulating TCP connection failures. I know how to do it with iptables et al, but that's not great for automated testing in PG... Greetings, Andres Freund
