Hi all,

When attempting to connect using password authentication through SSL, the backend will complain in its log with the following entry before calling sendAuthRequest(), which asks the client for a password:

    LOG: could not receive data from client: Connection reset by peer

After a short talk with Heikki, it seems that be_tls_read() complains on SSL_ERROR_ZERO_RETURN, which is documented here:
https://wiki.openssl.org/index.php/Manual:SSL_get_error(3)

    The TLS/SSL connection has been closed. If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned only if a closure alert has occurred in the protocol, i.e. if the connection has been closed cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does not necessarily indicate that the underlying transport has been closed.

As this is a clean shutdown of the SSL connection, shouldn't be_tls_read() return 0 to the caller instead of -1? This would map with what the non-SSL code path does for raw reads.

This is basically harmless, but the error message is confusing I think, and there is no equivalent for the non-SSL code path.

Attached is an idea of patch. Thoughts?
--
Michael
ssl-read-commerr.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
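
The mapping discussed in the message above, as an added example that is not part of the original post, the attached patch, or the PostgreSQL source. map_tls_read() and caller_log() are hypothetical names; the SSL_ERROR_* values are copied from <openssl/ssl.h> so the model builds without OpenSSL, and the use of ECONNRESET is an assumption inferred from the "Connection reset by peer" text in the log line.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* SSL_get_error() result codes, values as defined in <openssl/ssl.h>. */
enum { SSL_ERROR_NONE = 0, SSL_ERROR_WANT_READ = 2, SSL_ERROR_WANT_WRITE = 3,
       SSL_ERROR_SYSCALL = 5, SSL_ERROR_ZERO_RETURN = 6 };

/* Hypothetical model of a TLS read wrapper. n is what SSL_read() returned,
 * err is what SSL_get_error() reported. Result follows read(2) conventions:
 * >0 bytes read, 0 end of stream, -1 with errno set. clean_close_is_eof
 * selects the behaviour proposed in the post. */
static ssize_t map_tls_read(int n, int err, int clean_close_is_eof)
{
    switch (err) {
    case SSL_ERROR_NONE:
        return n;
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        errno = EWOULDBLOCK;        /* caller waits on the socket, retries */
        return -1;
    case SSL_ERROR_ZERO_RETURN:     /* peer sent a TLS closure alert */
        if (clean_close_is_eof)
            return 0;               /* same as a raw read() hitting EOF */
        errno = ECONNRESET;         /* assumed: matches the logged text */
        return -1;
    default:                        /* SSL_ERROR_SYSCALL and the rest */
        errno = ECONNRESET;
        return -1;
    }
}

/* Hypothetical caller: returns the log line it would emit, or NULL when the
 * read result is not an error (data or a quiet end of stream). */
static const char *caller_log(ssize_t r, char *buf, size_t len)
{
    if (r >= 0 || errno == EWOULDBLOCK)
        return NULL;
    snprintf(buf, len, "LOG: could not receive data from client: %s",
             strerror(errno));
    return buf;
}

int main(void)
{
    char buf[128];
    const char *l = caller_log(map_tls_read(0, SSL_ERROR_ZERO_RETURN, 0), buf, sizeof buf);
    printf("clean close as error: %s\n", l ? l : "(no log)");
    l = caller_log(map_tls_read(0, SSL_ERROR_ZERO_RETURN, 1), buf, sizeof buf);
    printf("clean close as EOF:   %s\n", l ? l : "(no log)");
    return 0;
}
```
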