I wrote: > Stephen Frost <sfr...@snowman.net> writes: >> Agreed that it doesn't seem well documented. I was trying to figure out >> what the 'right' answer here was myself and not having much success. If >> the above works, then +1 to that.
> My reaction as well --- I was just gearing up to test this idea, > unless one of you are already on it? I've confirmed that this: diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index e12b1cc9e3..47eee4b59d 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -1363,6 +1363,10 @@ SSLerrmessage(unsigned long ecode) errreason = ERR_reason_error_string(ecode); if (errreason != NULL) return errreason; +#ifdef ERR_SYSTEM_ERROR + if (ERR_SYSTEM_ERROR(ecode)) + return strerror(ERR_GET_REASON(ecode)); +#endif snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), ecode); return errbuf; } seems to be enough to fix the problem on OpenSSL 3.1.1. The #ifdef is needed to avoid compile failure against OpenSSL 1.1.1 --- but that version doesn't have the problem, so we don't need to sweat. This could probably do with a comment, and we need to propagate the fix into libpq's copy of the function too. Barring objections, I'll take care of that and push it later today. regards, tom lane