]> granicus.if.org Git - postgresql/commitdiff
projects / postgresql / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e9d4aa5)
Treat clean shutdown of an SSL connection same as the non-SSL case.
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 3 Jul 2017 11:51:51 +0000 (14:51 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 3 Jul 2017 11:53:01 +0000 (14:53 +0300)
If the client closes an SSL connection, treat it the same as EOF on a
non-SSL connection. In particular, don't write a message in the log about
that.

Michael Paquier.

Discussion: https://www.postgresql.org/message-id/CAB7nPqSfyVV42Q2acFo%3DvrvF2gxoZAMJLAPq3S3KkjhZAYi7aw@mail.gmail.com

src/backend/libpq/be-secure-openssl.c patch | blob | history

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 3a39cb7dc6b64da2e70767d8ae54c1c5b775de86..2ff9d1cf857c41147030017f64437193c8372ed7 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -582,11 +582,13 @@ be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
                        ereport(COMMERROR,
                                        (errcode(ERRCODE_PROTOCOL_VIOLATION),
                                         errmsg("SSL error: %s", SSLerrmessage(ecode))));
-                       /* fall through */
-               case SSL_ERROR_ZERO_RETURN:
                        errno = ECONNRESET;
                        n = -1;
                        break;
+               case SSL_ERROR_ZERO_RETURN:
+                       /* connection was cleanly shut down by peer */
+                       n = 0;
+                       break;
                default:
                        ereport(COMMERROR,
                                        (errcode(ERRCODE_PROTOCOL_VIOLATION),
@@ -642,8 +644,14 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
                        ereport(COMMERROR,
                                        (errcode(ERRCODE_PROTOCOL_VIOLATION),
                                         errmsg("SSL error: %s", SSLerrmessage(ecode))));
-                       /* fall through */
+                       errno = ECONNRESET;
+                       n = -1;
+                       break;
                case SSL_ERROR_ZERO_RETURN:
+                       /*
+                        * the SSL connnection was closed, leave it to the caller
+                        * to ereport it
+                        */
                        errno = ECONNRESET;
                        n = -1;
                        break;
Unnamed repository; edit this file 'description' to name the repository.