]> granicus.if.org Git - postgresql/commitdiff
Use OpenSSL's SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
authorTom Lane <tgl@sss.pgh.pa.us>
Sun, 24 Jul 2011 19:17:56 +0000 (15:17 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Sun, 24 Jul 2011 19:17:56 +0000 (15:17 -0400)
This disables an entirely unnecessary "sanity check" that causes failures
in nonblocking mode, because OpenSSL complains if we move or compact the
write buffer.  The only actual requirement is that we not modify pending
data once we've attempted to send it, which we don't.  Per testing and
research by Martin Pihlak, though this fix is a lot simpler than his patch.

I put the same change into the backend, although it's less clear whether
it's necessary there.  We do use nonblock mode in some situations in
streaming replication, so seems best to keep the same behavior in the
backend as in libpq.

Back-patch to all supported releases.

src/backend/libpq/be-secure.c
src/interfaces/libpq/fe-secure.c

index f84ef5d506e1ae08a7733d55784a3f8029972d7a..4e8faa4f35c3d7b779abfaf3e03c54bfc366fe8f 100644 (file)
@@ -736,6 +736,12 @@ initialize_SSL(void)
                                        (errmsg("could not create SSL context: %s",
                                                        SSLerrmessage())));
 
+               /*
+                * Disable OpenSSL's moving-write-buffer sanity check, because it
+                * causes unnecessary failures in nonblocking send cases.
+                */
+               SSL_CTX_set_mode(SSL_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
                /*
                 * Load and verify server's certificate and private key
                 */
index cd1292ccb610228805cc95d77b9336bbe7da5258..9319f972c8168771e5fd4f420be3328bfee58064 100644 (file)
@@ -757,6 +757,12 @@ init_ssl_system(PGconn *conn)
 #endif
                        return -1;
                }
+
+               /*
+                * Disable OpenSSL's moving-write-buffer sanity check, because it
+                * causes unnecessary failures in nonblocking send cases.
+                */
+               SSL_CTX_set_mode(SSL_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
        }
 
 #ifdef ENABLE_THREAD_SAFETY