FAQ
In testing the fix for the SSL problem that Martin Pihlak reported, I
realized that libpq doesn't really cope very well with errors reported
by OpenSSL. In the case at hand, SSL_write returns an SSL_ERROR_SSL
code, which pqsecure_write quite reasonably handles by putting
"SSL error: bad write retry" into conn->errorMessage. However, it
then sets errno = ECONNRESET, which causes its caller pqSendSome()
to overwrite that potentially-useful message with an outright lie:
"server closed the connection unexpectedly".

I think what we ought to do is adjust the code so that in SSL mode,
pqsecure_write is responsible for constructing all error messages and
pqSendSome should just leave conn->errorMessage alone.

We could perhaps go a bit further and make pqsecure_write responsible
for the error message in non-SSL mode too, but it looks to me like
pqSendSome has to have a switch on the errno anyway to decide whether to
keep trying or not, so moving that responsibility would just lead to
duplicative coding.

Any objections?

regards, tom lane

Search Discussions

  • Magnus Hagander at Aug 10, 2011 at 11:10 am

    On Sun, Jul 24, 2011 at 20:48, Tom Lane wrote:
    In testing the fix for the SSL problem that Martin Pihlak reported, I
    realized that libpq doesn't really cope very well with errors reported
    by OpenSSL.  In the case at hand, SSL_write returns an SSL_ERROR_SSL
    code, which pqsecure_write quite reasonably handles by putting
    "SSL error: bad write retry" into conn->errorMessage.  However, it
    then sets errno = ECONNRESET, which causes its caller pqSendSome()
    to overwrite that potentially-useful message with an outright lie:
    "server closed the connection unexpectedly".

    I think what we ought to do is adjust the code so that in SSL mode,
    pqsecure_write is responsible for constructing all error messages and
    pqSendSome should just leave conn->errorMessage alone.

    We could perhaps go a bit further and make pqsecure_write responsible
    for the error message in non-SSL mode too, but it looks to me like
    pqSendSome has to have a switch on the errno anyway to decide whether to
    keep trying or not, so moving that responsibility would just lead to
    duplicative coding.

    Any objections?
    I haven't looked at the actual code but - does it make sense to have
    them responsible for different parts and append them? If not, then no
    objections ;)
  • Daniel Farina at Aug 23, 2011 at 1:04 am

    On Sun, Jul 24, 2011 at 11:48 AM, Tom Lane wrote:
    We could perhaps go a bit further and make pqsecure_write responsible
    for the error message in non-SSL mode too, but it looks to me like
    pqSendSome has to have a switch on the errno anyway to decide whether to
    keep trying or not, so moving that responsibility would just lead to
    duplicative coding.

    Any objections?
    No objection.

    Some users we have have been confused by this message. At first I
    thought it was an SSL renegotiation problem, but now I realize that
    the message is a lie, so anything can be the problem. A better
    message may well decrease support burden for us, and also help us find
    problems...

    --
    fdr

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppgsql-hackers @
categoriespostgresql
postedJul 24, '11 at 6:48p
activeAug 23, '11 at 1:04a
posts3
users3
websitepostgresql.org...
irc#postgresql

People

Translate

site design / logo © 2022 Grokbase