Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1riJt6-00GYwo-I7 for pgsql-hackers@arkaria.postgresql.org; Thu, 07 Mar 2024 19:58:44 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1riJt4-008Cfb-SC for pgsql-hackers@arkaria.postgresql.org; Thu, 07 Mar 2024 19:58:43 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1riJt4-008CfQ-Ix for pgsql-hackers@lists.postgresql.org; Thu, 07 Mar 2024 19:58:43 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1riJsx-003May-3G for pgsql-hackers@lists.postgresql.org; Thu, 07 Mar 2024 19:58:41 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 427JwVSb563352; Thu, 7 Mar 2024 14:58:31 -0500 From: Tom Lane To: Stephen Frost cc: Heikki Linnakangas , David Zhang , Pgsql Hackers Subject: Re: improve ssl error code, 2147483650 In-reply-to: <537905.1709833932@sss.pgh.pa.us> References: <86932ed6-e4b3-44cd-abf2-7f0173dea782@iki.fi> <537905.1709833932@sss.pgh.pa.us> Comments: In-reply-to Tom Lane message dated "Thu, 07 Mar 2024 12:52:12 -0500" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <563350.1709841511.1@sss.pgh.pa.us> Content-Transfer-Encoding: quoted-printable Date: Thu, 07 Mar 2024 14:58:31 -0500 Message-ID: <563351.1709841511@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk I wrote: > Stephen Frost writes: >> Agreed that it doesn't seem well documented. I was trying to figure ou= t >> what the 'right' answer here was myself and not having much success. I= f >> the above works, then +1 to that. > My reaction as well --- I was just gearing up to test this idea, > unless one of you are already on it? I've confirmed that this: diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-= secure-openssl.c index e12b1cc9e3..47eee4b59d 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode) errreason =3D ERR_reason_error_string(ecode); if (errreason !=3D NULL) return errreason; +#ifdef ERR_SYSTEM_ERROR + if (ERR_SYSTEM_ERROR(ecode)) + return strerror(ERR_GET_REASON(ecode)); +#endif snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode); return errbuf; } seems to be enough to fix the problem on OpenSSL 3.1.1. The #ifdef is needed to avoid compile failure against OpenSSL 1.1.1 --- but that version doesn't have the problem, so we don't need to sweat. This could probably do with a comment, and we need to propagate the fix into libpq's copy of the function too. Barring objections, I'll take care of that and push it later today. regards, tom lane