Hi Tatsuo, AFAIK this was generated from a branch based of of latest CVS HEAD. To make sure it wasn't a problem with my use of git/git-cvsimport, I've downloaded the patch from the mailing list and verified that it applies in a fresh CVS checkout:
rangda[/tmp] cvs -d :pserver:[email protected]:/cvsroot/pgpool co pgpool-II <snip> rangda[/tmp/pgpool-II] patch < ~/ssl.patch :) patching file pool_ssl.c Are you certain you don't have local changes to these files? Regards, sean On Wed, Feb 03, 2010 at 12:00:07PM +0900, Tatsuo Ishii wrote: > Sean, > > > All previously handled errors related to the OpenSSL engine are now > > handled with a macro and a small static function in order to both > > produce more informative errors as well as commonize some duplicate > > code in pool_ssl.c > > Thanks for the patches. However following fragment does not apply > cleanly. Can you please regenerate patches against CVS HEAD? Or > provide me in a different patch style? > -- > Tatsuo Ishii > SRA OSS, Inc. Japan > English: http://www.sraoss.co.jp/index_en.php > Japanese: http://www.sraoss.co.jp > > ------------------------------------------------------------- > *************** > *** 145,171 **** > if (strlen(pool_config->ssl_ca_cert_dir)) > cacert_dir = pool_config->ssl_ca_cert_dir; > > - if ( (!error) && (cacert || cacert_dir) ) { > - if (! SSL_CTX_load_verify_locations(cp->ssl_ctx, > cacert, cacert_dir)) { > - pool_error("pool_ssl: SSL CA load error: %ld", > ERR_get_error()); > - error = -1; > - } else { > - SSL_CTX_set_verify(cp->ssl_ctx, > SSL_VERIFY_PEER, NULL); > - } > } > - > } > > - if (! error) { > - cp->ssl = SSL_new(cp->ssl_ctx); > - if (! cp->ssl) { > - pool_error("pool_ssl: SSL_new failed: %ld", > ERR_get_error()); > - error = -1; > - } > } > > - return error; > } > > #else /* USE_SSL: wrap / no-op ssl functionality if it's not available */ > - - > --- 152,189 ---- > if (strlen(pool_config->ssl_ca_cert_dir)) > cacert_dir = pool_config->ssl_ca_cert_dir; > > + if ( cacert || cacert_dir ) { > + error = (!SSL_CTX_load_verify_locations(cp->ssl_ctx, > + cacert, > + cacert_dir)); > + SSL_RETURN_ERROR_IF(error, "SSL verification setup"); > + SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL); > } > } > > + cp->ssl = SSL_new(cp->ssl_ctx); > + SSL_RETURN_ERROR_IF( (! cp->ssl), "SSL_new"); > + > + return 0; > + } > + > + static void perror_ssl(const char *context) { > + unsigned long err; > + static const char *no_err_reason = "no SSL error reported"; > + const char *reason; > + > + err = ERR_get_error(); > + if (! err) { > + reason = no_err_reason; > + } else { > + reason = ERR_reason_error_string(err); > } > > + if (reason != NULL) { > + pool_error("pool_ssl: %s: %s", context, reason); > + } else { > + pool_error("pool_ssl: %s: Unknown SSL error %lu", context, err); > + } > } > > #else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
signature.asc
Description: Digital signature
_______________________________________________ Pgpool-hackers mailing list [email protected] http://pgfoundry.org/mailman/listinfo/pgpool-hackers
