I wrote: >>> I have found a small but annoying bug in libpq where >>> connection parameters are resolved via LDAP. > > I have attached a new version of the patch that should address all known > problems.
FWIW, I ran valgrind on psql establishing an SSL connection, and I found some messages like this: ==26437== Conditional jump or move depends on uninitialised value(s) ==26437== at 0x423DDC8: BN_mod_inverse (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x4241EDC: BN_MONT_CTX_set (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x4243E28: ??? (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x424553D: RSA_public_decrypt (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x4245F15: RSA_verify (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x41D1192: ??? (in /lib/libssl.so.0.9.7a) ==26437== by 0x41CFC2A: ssl3_connect (in /lib/libssl.so.0.9.7a) ==26437== by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a) ==26437== by 0x403DF47: open_client_SSL (fe-secure.c:1161) ==26437== by 0x403C903: pqsecure_open_client (fe-secure.c:284) ==26437== by 0x402908F: PQconnectPoll (fe-connect.c:2113) ==26437== by 0x4028301: connectDBComplete (fe-connect.c:1463) and ==26437== Use of uninitialised value of size 4 ==26437== at 0x42387A5: BN_num_bits_word (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x4238833: BN_num_bits (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x423788A: BN_mod_exp_mont_consttime (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x4237657: BN_mod_exp_mont (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x424A51D: ??? (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x424A1DB: ??? (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x424A061: DH_generate_key (in /lib/libcrypto.so.0.9.7a) ==26437== by 0x41D1EF9: ??? (in /lib/libssl.so.0.9.7a) ==26437== by 0x41CFD1E: ssl3_connect (in /lib/libssl.so.0.9.7a) ==26437== by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a) ==26437== by 0x403DF47: open_client_SSL (fe-secure.c:1161) ==26437== by 0x403C903: pqsecure_open_client (fe-secure.c:284) All in the same call of SSL_connect in open_client_SSL. I've never worked with SSL, but it looks to me like something in the SSL data structure is uninitialized. Don't know if that's a serious problem or not. Yours, Laurenz Albe -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers