Deal with SSL error SSL_ERROR_ZERO_RETURN.
authorTatsuo Ishii <ishii@sraoss.co.jp>
Wed, 14 Sep 2022 02:16:03 +0000 (11:16 +0900)
committerTatsuo Ishii <ishii@sraoss.co.jp>
Wed, 5 Oct 2022 06:55:09 +0000 (15:55 +0900)
Previously this caused failover, which was actually unnecessary because
it means the server is just going to close the connection.

Discussion: https://www.pgpool.net/pipermail/pgpool-general/2022-September/008425.html
Discussion: https://www.pgpool.net/pipermail/pgpool-hackers/2022-September/004194.html

src/utils/pool_ssl.c

index 86bb99fb8b03e57101f7a9d4f0d744d877f721c0..c9fd55eb7839ec44f0d646bf23a63af98e889f45 100644 (file)
@@ -253,10 +253,26 @@ retry:
                        break;
 
                case SSL_ERROR_SSL:
-               case SSL_ERROR_ZERO_RETURN:
                        perror_ssl("SSL_read");
                        n = -1;
                        break;
+               case SSL_ERROR_ZERO_RETURN:
+                       /* SSL manual says:
+                        * -------------------------------------------------------------
+                        * The TLS/SSL peer has closed the connection for
+                        * writing by sending the close_notify alert. No more data can be
+                        * read. Note that SSL_ERROR_ZERO_RETURN does not necessarily
+                        * indicate that the underlying transport has been closed.
+                        * -------------------------------------------------------------
+                        * We don't want to trigger failover but it is also possible that
+                        * the connectoon has been closed. So returns 0 to ask pool_read()
+                        * to close connection to frontend.
+                        */
+                       ereport(WARNING,
+                                       (errmsg("ssl read: SSL_ERROR_ZERO_RETURN")));
+                       perror_ssl("SSL_read");
+                       n = 0;
+                       break;
                default:
                        ereport(WARNING,
                                        (errmsg("ssl read: unrecognized error code: %d", err)));
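Review bot: In the new `SSL_ERROR_ZERO_RETURN` case, `perror_ssl("SSL_read")` is still called even though a close_notify is an orderly shutdown rather than a library error. Its definition is not in the hunk, but it will presumably print an empty or stale OpenSSL error-queue entry next to the WARNING, so I would drop that call. Since any peer can reach this path just by closing its TLS session, a lower level may also suit better, e.g. `ereport(LOG, (errmsg("ssl read: peer sent close_notify (SSL_ERROR_ZERO_RETURN)")));`. The block comment misspells "connection" as `connectoon` and says returning 0 closes the connection to the frontend, while the commit message is about avoiding failover, which suggests backend reads also take this path; the comment should name which callers treat 0 as EOF. The enclosing function and `pool_read()`'s handling of a 0 return are outside the hunk, so that behaviour cannot be confirmed from here.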