Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commitd0c2302

Browse files
committed
Use OpenSSL's SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag.
This disables an entirely unnecessary "sanity check" that causes failuresin nonblocking mode, because OpenSSL complains if we move or compact thewrite buffer. The only actual requirement is that we not modify pendingdata once we've attempted to send it, which we don't. Per testing andresearch by Martin Pihlak, though this fix is a lot simpler than his patch.I put the same change into the backend, although it's less clear whetherit's necessary there. We do use nonblock mode in some situations instreaming replication, so seems best to keep the same behavior in thebackend as in libpq.Back-patch to all supported releases.
1 parent081a551 commitd0c2302

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

‎src/backend/libpq/be-secure.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -736,6 +736,12 @@ initialize_SSL(void)
736736
(errmsg("could not create SSL context: %s",
737737
SSLerrmessage())));
738738

739+
/*
740+
* Disable OpenSSL's moving-write-buffer sanity check, because it
741+
* causes unnecessary failures in nonblocking send cases.
742+
*/
743+
SSL_CTX_set_mode(SSL_context,SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
744+
739745
/*
740746
* Load and verify server's certificate and private key
741747
*/

‎src/interfaces/libpq/fe-secure.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -757,6 +757,12 @@ init_ssl_system(PGconn *conn)
757757
#endif
758758
return-1;
759759
}
760+
761+
/*
762+
* Disable OpenSSL's moving-write-buffer sanity check, because it
763+
* causes unnecessary failures in nonblocking send cases.
764+
*/
765+
SSL_CTX_set_mode(SSL_context,SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
760766
}
761767

762768
#ifdefENABLE_THREAD_SAFETY

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp