Hi, On 2023-12-08 13:23:50 -0500, Tom Lane wrote: > Andres Freund <and...@anarazel.de> writes: > > On 2023-12-08 10:05:09 -0500, Tom Lane wrote: > >> ... there was already opinion upthread that this should be on by > >> default, which I agree with. You shouldn't be hitting cases like > >> this commonly (if so, they're bugs to fix or the errcode should be > >> rethought), and the failure might be pretty hard to reproduce. > > > FWIW, I did some analysis on aggregated logs on a larger number of machines, > > and it does look like that'd be a measurable increase in log volume. There > > are > > a few voluminous internal errors in core, but the bigger issue is > > extensions. They are typically much less disciplined about assigning error > > codes than core PG is. > > Well, I don't see much wrong with making a push to assign error codes > to more calls.
Oh, very much agreed. But I suspect we won't quickly do the same for out-of-core extensions... > Certainly these SSL failures are not "internal" errors. > > > could not accept SSL connection: %m - with zero errno > > ... > > I'm a bit confused about the huge number of "could not accept SSL > > connection: > > %m" with a zero errno. I guess we must be clearing errno somehow, but I > > don't > > immediately see where. Or perhaps we need to actually look at what > > SSL_get_error() returns? > > Hmm, don't suppose you have a way to reproduce that? After a bit of trying, yes. I put an abort() into pgtls_open_client(), after initialize_SSL(). Connecting does result in: LOG: could not accept SSL connection: Success Greetings, Andres Freund