Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-12-10 Thread Tom Lane
Robert Haas writes: > FWICS, this kind of problem is endemic in OpenSSL, which > also doesn't seem to believe in comprehensive documentation or code > comments. It would be nice if we had an API to some other, less > crappy encryption library; or maybe even some generic API that lets > you easily

Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-12-10 Thread Robert Haas
On Sat, Dec 8, 2012 at 11:07 AM, Andres Freund wrote: > As there hasn't been any new input since this comment I am marking the > patch as "Rejected" in the CF application. Sounds good. FWIW, even if we were going to accept this, I can't imagine back-patching it. Users will come after us with pi

Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-12-08 Thread Andres Freund
On 2012-11-26 21:45:32 -0500, Tom Lane wrote: > Alvaro Herrera writes: > > I gather that this is supposed to be back-patched to all supported > > branches. > > FWIW, I don't like that patch any better than Robert does. It seems > as likely to do harm as good. If there are places where libpq itse

Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-11-26 Thread Tom Lane
Alvaro Herrera writes: > I gather that this is supposed to be back-patched to all supported > branches. FWIW, I don't like that patch any better than Robert does. It seems as likely to do harm as good. If there are places where libpq itself is leaving entries on the error stack, we should fix t

Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-11-26 Thread Alvaro Herrera
Lars Kanis wrote: > While investigating a ruby-pg issue [1], we noticed that a libpq SSL > connection can fail, if the running application uses OpenSSL for > other work, too. Root cause is the thread local error queue of > OpenSSL, that is used to transmit textual error messages to the > applicatio

Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-11-11 Thread Lars Kanis
Am 06.11.2012 21:40, schrieb Robert Haas: > On Tue, Oct 23, 2012 at 4:09 AM, Lars Kanis wrote: >> While investigating a ruby-pg issue [1], we noticed that a libpq SSL >> connection can fail, if the running application uses OpenSSL for other work, >> too. Root cause is the thread local error queue

Re: [HACKERS] Failing SSL connection due to weird interaction with openssl

2012-11-06 Thread Robert Haas
On Tue, Oct 23, 2012 at 4:09 AM, Lars Kanis wrote: > While investigating a ruby-pg issue [1], we noticed that a libpq SSL > connection can fail, if the running application uses OpenSSL for other work, > too. Root cause is the thread local error queue of OpenSSL, that is used to > transmit textual

[HACKERS] Failing SSL connection due to weird interaction with openssl

2012-10-23 Thread Lars Kanis
While investigating a ruby-pg issue [1], we noticed that a libpq SSL connection can fail, if the running application uses OpenSSL for other work, too. Root cause is the thread local error queue of OpenSSL, that is used to transmit textual error messages to the application after a failed crypto