Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1riK38-00GZnt-K3 for pgsql-hackers@arkaria.postgresql.org; Thu, 07 Mar 2024 20:09:07 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1riK36-008FJi-IV for pgsql-hackers@arkaria.postgresql.org; Thu, 07 Mar 2024 20:09:05 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1riK36-008FJa-5W for pgsql-hackers@lists.postgresql.org; Thu, 07 Mar 2024 20:09:04 +0000 Received: from smtp.outgoing.loopia.se ([93.188.3.37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1riK32-003MfB-8x for pgsql-hackers@lists.postgresql.org; Thu, 07 Mar 2024 20:09:03 +0000 Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id CB53F2FF9D00 for ; Thu, 7 Mar 2024 21:08:57 +0100 (CET) Received: from s981.loopia.se (unknown [172.22.191.5]) by s807.loopia.se (Postfix) with ESMTP id B9D152E2A389; Thu, 7 Mar 2024 21:08:57 +0100 (CET) Received: from s471.loopia.se (unknown [172.22.191.5]) by s981.loopia.se (Postfix) with ESMTP id B714322B175D; Thu, 7 Mar 2024 21:08:57 +0100 (CET) X-Virus-Scanned: amavisd-new at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.21 X-Spam-Level: X-Spam-Status: No, score=-1.21 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=disabled Authentication-Results: s471.loopia.se (amavisd-new); dkim=pass (2048-bit key) header.d=yesql.se Received: from s934.loopia.se ([172.22.191.5]) by s471.loopia.se (s471.loopia.se [172.22.190.35]) (amavisd-new, port 10024) with LMTP id FjIFGblaMwIv; Thu, 7 Mar 2024 21:08:57 +0100 (CET) X-Loopia-Auth: user X-Loopia-User: daniel@yesql.se X-Loopia-Originating-IP: 89.255.232.193 Received: from smtpclient.apple (customer-89-255-232-193.stosn.net [89.255.232.193]) (Authenticated sender: daniel@yesql.se) by s934.loopia.se (Postfix) with ESMTPSA id F30487CEA66; Thu, 7 Mar 2024 21:08:56 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se; s=loopiadkim1707475645; t=1709842137; bh=bdMRsECOC1NoXcEDjhVdfQospAiOcIoJVL76qayOR/Q=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=ik0cKGI0HM3nd5AevkLCw6W4w7Slm5Kjj9YSz1Fluwc+UzWDXl1FuegSdsCHKEbDy VKRsboH6J7v1YtZmA45Im4+gHOr+KS5Pk76Ludikuerog09FX4iWvWVNQAXri5FgZn s78AUn+/RZjcZwIWjRifZuCAUKOvPyyUppGF6aULBYquykLnrLnWbL8BzE7OZElslL 2Mgbdu4ehgt20OZ1eK63LZYJhUIyODrtkmjqxuktq9q5ulnnoMwOPnd3kT0Uckowi5 p2ZQCzU8X6qFrCPHHwvW+yVNj6i8ndd03lcU4nq8X5QqyS9u2HBzZest5jf3XCEIXC RWE2gp1liAH0g== Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\)) Subject: Re: improve ssl error code, 2147483650 From: Daniel Gustafsson In-Reply-To: <563351.1709841511@sss.pgh.pa.us> Date: Thu, 7 Mar 2024 21:08:56 +0100 Cc: Stephen Frost , Heikki Linnakangas , David Zhang , Pgsql Hackers Content-Transfer-Encoding: quoted-printable Message-Id: <61B1CFBD-14F8-4ECE-816E-6618FD68781C@yesql.se> References: <86932ed6-e4b3-44cd-abf2-7f0173dea782@iki.fi> <537905.1709833932@sss.pgh.pa.us> <563351.1709841511@sss.pgh.pa.us> To: Tom Lane X-Mailer: Apple Mail (2.3696.120.41.1.4) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On 7 Mar 2024, at 20:58, Tom Lane wrote: >=20 > I wrote: >> Stephen Frost writes: >>> Agreed that it doesn't seem well documented. I was trying to figure = out >>> what the 'right' answer here was myself and not having much success. = If >>> the above works, then +1 to that. >=20 >> My reaction as well --- I was just gearing up to test this idea, >> unless one of you are already on it? >=20 > I've confirmed that this: >=20 > diff --git a/src/backend/libpq/be-secure-openssl.c = b/src/backend/libpq/be-secure-openssl.c > index e12b1cc9e3..47eee4b59d 100644 > --- a/src/backend/libpq/be-secure-openssl.c > +++ b/src/backend/libpq/be-secure-openssl.c > @@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode) > errreason =3D ERR_reason_error_string(ecode); > if (errreason !=3D NULL) > return errreason; > +#ifdef ERR_SYSTEM_ERROR > + if (ERR_SYSTEM_ERROR(ecode)) > + return strerror(ERR_GET_REASON(ecode)); > +#endif > snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), = ecode); > return errbuf; > } >=20 > seems to be enough to fix the problem on OpenSSL 3.1.1. The #ifdef > is needed to avoid compile failure against OpenSSL 1.1.1 --- but that > version doesn't have the problem, so we don't need to sweat. This was introduced in OpenSSL 3.0.0 so that makes sense. Pre-3.0.0 = versions truncates system errorcodes that was outside of the range 1..127 = reserving the rest for OpenSSL specific errors. To capture the full range possible of = system errors the code is no longer truncated and the ERR_SYSTEM_FLAG flag is = set, which can be tested for with the macro used here. > This could probably do with a comment, and we need to propagate > the fix into libpq's copy of the function too. Barring objections, > I'll take care of that and push it later today. LGTM. -- Daniel Gustafsson