> > In 7.3 if a client exists without disconnecting from the
> > database the
> > backend dumps core.
>
> I can't reproduce that.
What version of openssl are you using?
--Nate
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
> > In 7.3 if a client exists without disconnecting from the
> > database the
> > backend dumps core.
>
> I can't reproduce that.
I'm sorry but you're going to have to send me more info about your
setup. I just did a fresh build on my home machine against Red Hat's
openssl and the problems got eve
> tested it with openssl 0.9.6e and it worked on BSD/OS 4.2. The author
> is only involved intermittently. I worked with him to get it
> working on
> 7.3. It is certainly possible there are other bugs in there.
Slow night so I learned a little about SSL and figured this out. The
following patch
Ok, I tested this out with TLSv1 and it worked fine. I found that the
same mistake was being made on the client side of things too so I
included a patch for that too.
--Nate
Index: src/backend/libpq/be-secure.c
===
RCS file:
> There was a conscious decision in 7.3 to require only 7.3 clients when
> using SSL. I don't remember how many people were involved in that
> discussion, but I know it was made. In fact, there was so much new SSL
> code in 7.3, I suspected we couldn't even make it work with pre-7.2
> clients. I am
Ick, my email client wrapped that really weird. That's why the
double strerror is there too -- the first one should be part of the
previous line.
I've found that you can still get the server to crash in the other
error cases or when SSL_read/write returns -1. Since that happens
whenever you try to
Ok, I think I've gotten this figured out now. I saw this comment in pqcomm.c,
switched the ERROR logs to COMMERROR logs and it all works. I've attached a
patch to be-secure.c that fixes all my problems. Hopefully this is the right fix.
--Nate
/*
* Careful: an elog() that tri
I was playing around with 7.3.1 and found some more SSL problems. The first,
that I missed when checking over 7.3.1, was that the client method was switched
to SSLv23 along with the server. The SSLv23 client method does SSLv2 by
default, but can also understand SSLv3. In our situation the SSLv2
Has anyone looked at these yet?
--Nate
---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?
http://www.postgresql.org/users-lounge/docs/faq.html
