From: "Joshua D. Drake" on
On Mon, 22 Feb 2010 12:25:08 -0500, Tom Lane <tgl(a)sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus(a)hagander.net> writes:
>> 2010/2/22 Tom Lane <tgl(a)sss.pgh.pa.us>:
>>> Red Hat's already shipping the patch.  Dunno about other vendors.
>
>> Which patch? The one that breaks it, or the one that changes the
>> protocol?
>
> The one with the protocol change.
>
> I think we already missed the window where it would have been sensible
> to install a hack workaround for this. If we'd done that in November
> it might have been reasonable, but by now it's too late for any hack
> we install to spread much faster than fixed openssl libraries.

Perhaps I am missing something here but as it is not our bug but is a
known bug, why can't we just say:

ERROR: SSL FATAL: Renogiation failed. Check OpenSSL bug list

Yes the wording is miserable, change it but the point I think is clear.

I think it is completely reasonable to have warnings or errors that point
to other areas. If nothing else when it comes to our list we can say, "What
is the error message you get" and then we say,
"Did you check the OpenSSL bug list?".

I have to do similar things with PITRTools because of various unknown but
possibly successful states (like files changing underneath rsync).

Joshua D. Drake



--
PostgreSQL - XMPP: jdrake(at)jabber(dot)postgresql(dot)org
Consulting, Development, Support, Training
503-667-4564 - http://www.commandprompt.com/
The PostgreSQL Company, serving since 1997

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: "Joshua D. Drake" on
On Mon, 22 Feb 2010 18:00:33 +0100, Magnus Hagander <magnus(a)hagander.net>
wrote:

> We also have to consider our Windows users, where *we* ship the
> OpenSSL library. Where there is no library we can ship right now that
> fixes it.

We do? I mean I know that we provide the old 8.2/8.3 pginstaller, but EDB
is the provider of w32 binaries, not the community.

Joshua D. Drake

--
PostgreSQL - XMPP: jdrake(at)jabber(dot)postgresql(dot)org
Consulting, Development, Support, Training
503-667-4564 - http://www.commandprompt.com/
The PostgreSQL Company, serving since 1997

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Magnus Hagander on
2010/2/22 Joshua D. Drake <jd(a)commandprompt.com>:
> On Mon, 22 Feb 2010 18:00:33 +0100, Magnus Hagander <magnus(a)hagander.net>
> wrote:
>
>> We also have to consider our Windows users, where *we* ship the
>> OpenSSL library. Where there is no library we can ship right now that
>> fixes it.
>
> We do? I mean I know that we provide the old 8.2/8.3 pginstaller, but EDB
> is the provider of w32 binaries, not the community.

How does that change the fact even a tiny bit for the end user?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Chris Campbell on
On Feb 22, 2010, at 12:25 PM, Tom Lane wrote:

> I think we already missed the window where it would have been sensible
> to install a hack workaround for this. If we'd done that in November
> it might have been reasonable, but by now it's too late for any hack
> we install to spread much faster than fixed openssl libraries.

Could we simply ignore renegotiation errors? Or change them to warnings? That may enable us to work with the semi-fixed OpenSSL libraries that are currently in the field, without disabling the functionality altogether.

- Chris


--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: "Joshua D. Drake" on
On Mon, 2010-02-22 at 18:45 +0100, Magnus Hagander wrote:
> 2010/2/22 Joshua D. Drake <jd(a)commandprompt.com>:
> > On Mon, 22 Feb 2010 18:00:33 +0100, Magnus Hagander <magnus(a)hagander.net>
> > wrote:
> >
> >> We also have to consider our Windows users, where *we* ship the
> >> OpenSSL library. Where there is no library we can ship right now that
> >> fixes it.
> >
> > We do? I mean I know that we provide the old 8.2/8.3 pginstaller, but EDB
> > is the provider of w32 binaries, not the community.
>
> How does that change the fact even a tiny bit for the end user?

Only that EDB may chose to put in there own solution.

Joshua D. Drake


--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 503.667.4564
Consulting, Training, Support, Custom Development, Engineering
Respect is earned, not gained through arbitrary and repetitive use or Mr. or Sir.


--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers