public inbox for [email protected]
help / color / mirror / Atom feedFrom: Daniel Gustafsson <[email protected]>
To: Tom Lane <[email protected]>
Cc: Stephen Frost <[email protected]>
Cc: Heikki Linnakangas <[email protected]>
Cc: David Zhang <[email protected]>
Cc: Pgsql Hackers <[email protected]>
Subject: Re: improve ssl error code, 2147483650
Date: Thu, 7 Mar 2024 21:08:56 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
> On 7 Mar 2024, at 20:58, Tom Lane <[email protected]> wrote:
>
> I wrote:
>> Stephen Frost <[email protected]> writes:
>>> Agreed that it doesn't seem well documented. I was trying to figure out
>>> what the 'right' answer here was myself and not having much success. If
>>> the above works, then +1 to that.
>
>> My reaction as well --- I was just gearing up to test this idea,
>> unless one of you are already on it?
>
> I've confirmed that this:
>
> diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
> index e12b1cc9e3..47eee4b59d 100644
> --- a/src/backend/libpq/be-secure-openssl.c
> +++ b/src/backend/libpq/be-secure-openssl.c
> @@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode)
> errreason = ERR_reason_error_string(ecode);
> if (errreason != NULL)
> return errreason;
> +#ifdef ERR_SYSTEM_ERROR
> + if (ERR_SYSTEM_ERROR(ecode))
> + return strerror(ERR_GET_REASON(ecode));
> +#endif
> snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode);
> return errbuf;
> }
>
> seems to be enough to fix the problem on OpenSSL 3.1.1. The #ifdef
> is needed to avoid compile failure against OpenSSL 1.1.1 --- but that
> version doesn't have the problem, so we don't need to sweat.
This was introduced in OpenSSL 3.0.0 so that makes sense. Pre-3.0.0 versions
truncates system errorcodes that was outside of the range 1..127 reserving the
rest for OpenSSL specific errors. To capture the full range possible of system
errors the code is no longer truncated and the ERR_SYSTEM_FLAG flag is set,
which can be tested for with the macro used here.
> This could probably do with a comment, and we need to propagate
> the fix into libpq's copy of the function too. Barring objections,
> I'll take care of that and push it later today.
LGTM.
--
Daniel Gustafsson
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: improve ssl error code, 2147483650
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox