Search Postgresql Archives

Re: Problem with streaming replication over SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I wrote:
>Magnus Hagander wrote:
>>>>> I have streaming replication configured over SSL, and
>>>>> there seems to be a problem with SSL renegotiation.
>>> [...]
>>>>> After that, streaming replication reconnects and resumes working.
>>>>>
>>>>> Is this an oversight in the replication protocol, or is this
>>>>> working as designed?

>>> It can hardly be the CVE-2009-3555 renegotiation problem.
>>> Both machines have OpenSSL 1.0.0, and RFC 5746 was implemented
>>> in 0.9.8m.

>> It would be worth trying with ssl_renegotiation=0 to see if the
>> problem goes away.

> I tried, and that makes the problem go away.
> This is to be expected of course, because no
> renegotiation will take place with that setting.

>>> But I'll try to test if normal connections have the problem too.

>> That would be a useful datapoint. All settings around this *should*
>> happen at a lower layer than the difference between a replication
>> connection and a regular one, but it would be good to confir mit.
> 
> I tried, and a normal data connection does not have the
> problem.  I transferred more than 0.5 GB of data (at which
> point renegotiation should take place), and there was no error.
> 
> Does it make sense to try and take a stack trace of the
> problem, on primary or standby?

FWIW, I collected a stack trace:

#0  libpqrcv_receive (timeout=100, type=0x7fff0e1d9d2f "w\002", buffer=0x7fff0e1d9d20, len=0x7fff0e1d9d28)
    at libpqwalreceiver.c:366
#1  0x0000000000601797 in WalReceiverMain () at walreceiver.c:311
#2  0x00000000004ae1a1 in AuxiliaryProcessMain (argc=2, argv=0x7fff0e1d9dc0) at bootstrap.c:433
#3  0x00000000005ee0c3 in StartChildProcess (type=WalReceiverProcess) at postmaster.c:4504
#4  0x00000000005f13c1 in sigusr1_handler (postgres_signal_arg=<value optimized out>) at postmaster.c:4300
#5  <signal handler called>
#6  0x00000037934de2d3 in __select_nocancel () from /lib64/libc.so.6
#7  0x00000000005ef54a in ServerLoop () at postmaster.c:1415
#8  0x00000000005f21de in PostmasterMain (argc=<value optimized out>, argv=<value optimized out>) at postmaster.c:1116
#9  0x0000000000594398 in main (argc=5, argv=0x1596bf0) at main.c:199

The only thing that sticks out to me is that walreceiver
is running inside a signal handler -- could that cause a problem
with OpenSSL?

Yours,
Laurenz Albe

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux