Re: SSL renegotiation

Alvaro,

* Alvaro Herrera (alvherre@2ndquadrant.com) wrote:
> 1. Don't backpatch the ERROR bit at all, so that if the renegotiation
> fails we would silently continue just as currently

I'm leaning towards the above at this point.

> I was reminded of this once more because I just saw a spurious
> renegotiation failure in somebody's production setup.  Kind of like a
> recurring nightmare which I thought I had already erradicated.

I saw one yesterday. :(

> Opinions?  Also, should we wait longer for the new renegotiation code to
> be more battle-tested?

I've got a better environment to test this in now and given that I saw
it just yesterday, I'm very interested in addressing it.  I grow tired
of seeing these renegotiation errors.
Thanks!
    Stephen