Re: PG 7.3.1 with ssl on linux hangs (testcase available)

Tom Lane wrote:

>Hm.  The postmaster is sending back 'N' indicating that it does not want
>to do SSL.
>
>Are you sure you are connecting to an SSL-enabled postmaster?
>
>Also, is your connection by any chance IPV6?  It doesn't look like it
>from the tcpdump, but I'm not sure I know how to tell.
>
Ah, that's it! My code examination just had reached
ProcessStartupPacket, when your mail arrived.
The kernel is IPV6, and incoming IPV4 connection will be handled IPV6; I
can tell this from pg_hba.conf experiments that my installation requires
the ::ffff:192.168.0.0/24 entry.

>The relevant bit of code in the postmaster is
>
>#ifdef USE_SSL
>        /* No SSL when disabled or on Unix sockets */
>        if (!EnableSSL || port->laddr.addr.ss_family != AF_INET)
>            SSLok = 'N';
>        else
>            SSLok = 'S';        /* Support for SSL */
>#else
>        SSLok = 'N';            /* No support for SSL */
>#endif
>

According to the comment, it should be

if (!EnableSSL || port->laddr.addr.ss_family == AF_UNIX)

and after changing this it works! Quite hard to find, probably most
users you'd ask "do you use IPV6" would have answered "no". I didn't opt
vor IPV6 either, it's a stock SuSE 8.1.

Immediately, I checked the reported ssl hangs, and found both cases
working. Dave reported this failing on snake.pgadmin.org, which uses a
different openssl (0.9.7a), I'll see if I can check that version (won't
be before monday, need some sleep now).

Regards,
Andreas