Commit e8e1d455 authored by Tom Lane's avatar Tom Lane

SSL_read/SSL_write do not approximate the return conventions of recv()

and send() very well at all; and in any case we can't use retval==0
for EOF due to race conditions.  Make the same fixes in the backend as
are required in libpq.
parent 39a9496d
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.39 2003/08/04 02:39:59 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.40 2003/08/04 17:58:14 tgl Exp $
* *
* Since the server static private key ($DataDir/server.key) * Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database * will normally be stored unencrypted so that the database
...@@ -273,9 +273,13 @@ rloop: ...@@ -273,9 +273,13 @@ rloop:
(errcode_for_socket_access(), (errcode_for_socket_access(),
errmsg("SSL SYSCALL error: %m"))); errmsg("SSL SYSCALL error: %m")));
else else
{
ereport(COMMERROR, ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL SYSCALL error: EOF detected"))); errmsg("SSL SYSCALL error: EOF detected")));
errno = ECONNRESET;
n = -1;
}
break; break;
case SSL_ERROR_SSL: case SSL_ERROR_SSL:
ereport(COMMERROR, ereport(COMMERROR,
...@@ -283,7 +287,6 @@ rloop: ...@@ -283,7 +287,6 @@ rloop:
errmsg("SSL error: %s", SSLerrmessage()))); errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */ /* fall through */
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
secure_close(port);
errno = ECONNRESET; errno = ECONNRESET;
n = -1; n = -1;
break; break;
...@@ -291,6 +294,7 @@ rloop: ...@@ -291,6 +294,7 @@ rloop:
ereport(COMMERROR, ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code"))); errmsg("unrecognized SSL error code")));
n = -1;
break; break;
} }
} }
...@@ -353,9 +357,13 @@ wloop: ...@@ -353,9 +357,13 @@ wloop:
(errcode_for_socket_access(), (errcode_for_socket_access(),
errmsg("SSL SYSCALL error: %m"))); errmsg("SSL SYSCALL error: %m")));
else else
{
ereport(COMMERROR, ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL SYSCALL error: EOF detected"))); errmsg("SSL SYSCALL error: EOF detected")));
errno = ECONNRESET;
n = -1;
}
break; break;
case SSL_ERROR_SSL: case SSL_ERROR_SSL:
ereport(COMMERROR, ereport(COMMERROR,
...@@ -363,7 +371,6 @@ wloop: ...@@ -363,7 +371,6 @@ wloop:
errmsg("SSL error: %s", SSLerrmessage()))); errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */ /* fall through */
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
secure_close(port);
errno = ECONNRESET; errno = ECONNRESET;
n = -1; n = -1;
break; break;
...@@ -371,6 +378,7 @@ wloop: ...@@ -371,6 +378,7 @@ wloop:
ereport(COMMERROR, ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code"))); errmsg("unrecognized SSL error code")));
n = -1;
break; break;
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment