Piotr Gackiewicz wrote: > Tom Lane <tgl@xxxxxxxxxxxxx> wrote: >> Douglas Stetner <stetner@xxxxxxxxxx> writes: >>> Looking for confirmation there is an issue with pg_dump failing after >>> upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 on redhat linux. >> >> Quick thought --- did you restart the Postgres service after upgrading >> openssl? If not, your server is still using the old library version, >> while pg_dump would be running the new version on the client side. >> I don't know exactly what was done to openssl in the last round of >> revisions, but maybe there is some sort of version compatibility issue. >> >> Also, you really ought to be running something newer than PG 8.4.9. > I have the same problem with fresh postgresql 9.2.13. > Started after upgrade to openssl-1.0.1e-30.el6_6.11.x86_64 > > Since then pg_dump aborts after dumping circa 2GB: > > pg_dump: [archiver (db)] query failed: SSL error: unexpected message > pg_dump: [archiver (db)] query was: FETCH 100 FROM _pg_dump_cursor > > openssl-1.0.1e-30.el6_6.11.x86_64 on both ends (connecting via localhost) > > pg_dump via unix socket, without "-h localhost" - there is no problem. > > Fetching 2.5 GB of such text dump via https (apache + mod_ssl + > openssl-1.0.1e-30.el6_6.11.x86_64) => wget + > openssl-1.0.1e-30.el6_6.11.x86_64 - there is no problem > > Looks like postgresql+ssl issue. > > postgres=# select name,setting,unit from pg_settings where name ~ 'ssl' ; > name | setting | unit > -------------------------+-----------------------------------+------ > ssl | on | > ssl_ca_file | | > ssl_cert_file | server.crt | > ssl_ciphers | ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH | > ssl_crl_file | | > ssl_key_file | server.key | > ssl_renegotiation_limit | 524288 | kB > > > Any thoughts? Maybe it has something to do with this OpenSSL bug: http://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest Basically, OpenSSL fails to handle application data messages during renegotiation. I have only encountered that when using other SSL libraries together with OpenSSL, but maybe it can also happen with only OpenSSL. Just to make sure: Do you have the same version of OpenSSL on both PostgreSQL client and server? Yours, Laurenz Albe -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
