Re: Rare SSL failures on eelpout

Thomas Munro <thomas.munro@enterprisedb.com> writes:
> Hmm.  Why is psql doing two sendto() calls without reading a response
> in between, when it's possible for the server to exit after the first,
> anyway?  Seems like a protocol violation somewhere?

Keep in mind this is all down inside the SSL handshake, so if any
protocol is being violated, it's theirs not ours.

My gut reaction is that this probably indicates that in the "certificate
verify failed" code path, we're exiting the server too soon without
letting openssl finish out its handshake fully.  But that could be all
wet, or even if true it might not be convenient to postpone exit (e.g.,
we'd have to save the SSL error code somewhere, I suspect).

The whole thing reminds me of the recent bug #15598:

https://www.postgresql.org/message-id/87k1iy44fd.fsf%40news-spur.riddles.org.uk

            regards, tom lane