Re: BUG #17326: Postgres crashed when pg_reload_conf() with ssl certificate parameters

> On Mon, Dec 13, 2021 at 08:10:57PM +0900, Michael Paquier wrote:
> On Mon, Dec 13, 2021 at 07:06:16AM +0000, James Pang (chaolpan) wrote:
> > Edit postgresql.conf to change ssl_certificate parameter ,
>
> Do you mean ssl_cert_file here?  Also, something that's not completely
> clear to me is if this is a problem with a vanilla PostgreSQL
> instance or if this is related to the pgaudit extension set_user, as
> it has been mentioned as one potential origin of the problem upthread,
> but you are not telling if this is the case here.  So what do you have
> for shared_preload_libraries in this crash?
>
> > #9  0x00007ff49a78059c in ssl_cert_clear_certs () from /lib64/libssl.so.1.1
> > #10 0x00007ff49a780645 in ssl_cert_free () from /lib64/libssl.so.1.1
> > #11 0x00007ff49a78a25c in SSL_CTX_free () from /lib64/libssl.so.1.1
> > #12 0x000000000068b6b8 in be_tls_init ()
> > #13 0x00000000007271e1 in SIGHUP_handler ()
>
> Why is secure_initialize() not showing up in this stack?  That would
> be the caller of be_tls_init() in the SIGHUP handler.  The version of
> OpenSSL you are linking your binaries to would be useful here.  That
> would be a 1.1.0 or a 1.1.1, no?  Any specific minor version letter?

I think I can actually reproduce the issue. In my case the stack is
fine, it contains secure_initialize, and overall it looks like some sort
of memory corruption -- at least openssl gets segfault because it can't
access some memory address it tries to verify in asn1_primitive_free.
Not sure yet why, investigating.