On Tue, May 23, 2017 at 6:36 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > On 05/22/2017 10:11 PM, Vaishnavi Prabakaran wrote: >> >> On Mon, May 22, 2017 at 5:10 PM, Michael Paquier >> <michael.paqu...@gmail.com> >> wrote: >> >>> If the protocol version is SSL >>> 3.0 or TLS 1.0, this result code is returned only if a closure alert >>> has occurred in the protocol, i.e. if the connection has been closed >>> cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does not >>> necessarily indicate that the underlying transport has been closed. >> >> >> I guess this error code exist even for SSL2 protocol, In that case, don't >> we need to keep the current code for this error code? > > If I understand correctly, with SSLv2, SSL_ERROR_ZERO_RETURN does mean that > the underlying transport has been closed. Returning 0 seems appropriate in > that case, too.
Am I reading the docs incorrectly then? I understand that with SSLv2 the transport may not be closed after SSL_ERROR_ZERO_RETURN. > But the point is moot anyway, because PostgreSQL doesn't allow SSLv2 > anymore. And SSL_OP_NO_SSLv2 is enforced anyway. Side note.. Looking at the openssl docs, I am just noticing that SSLv23_method has been marked as deprecated in 1.1.0: https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html And has been replaced by TLS_method. Something to keep in mind. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
