Re: libpq SSL with non-blocking sockets

Steve Singer <ssinger_pg@sympatico.ca>

From: Steve Singer <ssinger_pg@sympatico.ca>
To: Martin Pihlak <martin.pihlak@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, PG Hackers <pgsql-hackers@postgresql.org>
Date: 2011-07-03T02:08:28Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Improve libpq's error reporting for SSL failures.

  2. Use OpenSSL's SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.

On 11-06-28 02:14 PM, Martin Pihlak wrote:
> Thanks for the review!
> I have since simplified the patch to assume that partial SSL writes are
> disabled -- according to SSL_write(3) this is the default behaviour.
> Now the SSL retry buffer only holds the data to be retried, the
> remainder is moved to the new outBuffer.
>

That sounds okay.  Does it make sense to add in a check to verify that 
SSL didn't send a partial write?  I don't know how bad openssl is about 
changing default behaviours or if we are concerned about protecting 
against someone changing the SSL parameters.  My inclination is that 
this isn't needed but I'll raise the issue.
Fixed.
> New version of the patch attached.
>

Otherwise this version of the patch looks good to me.

The only testing I have done is running the test program you sent 
earlier on in the thread and verified that the regression tests all 
pass.  Other than something like your test program I'm not sure how else 
this bug can be induced.

Since the original patch was submitted as a WIP patch and this version 
wasn't sent until well into the commit fest I am not sure if it 
qualifies for a committer during this commitfest or if it needs to wait 
until the next one.





> regards,
> Martin
>
>
>