Re: BUG #12799: libpq - SSL pqsecure_read() doesn't clean openssl error queue before reading

On 2/18/2016 5:38 PM, Tom Lane wrote:
> Dave Vitek <dvitek@grammatech.com> writes:
>> Maintainers: Peter's patch is better than mine, at least for the front
>> end side.  I also adjusted be-secure-openssl.c, which perhaps is not
>> necessary, but then again it's hard to be sure.  It might be worth doing
>> a patch for be-secure-openssl.c in the spirit of what Peter did for the
>> frontend (sorry, not volunteering :).
> +1 for changing both sides.  I'm fairly sure that you could provoke
> problems of this ilk in the backend too, for example if client connection
> is using SSL and we also establish an outgoing SSL connection using
> postgres_fdw or dblink.
>
> BTW, do we have a reproducible test case?
>
>             regards, tom lane
I can reproduce it, but I don't have a self contained unit test.

Such a test case might look like: call ERR_put_error with SSL_ERROR_SSL
and then cause libpq to invoke SSL_read. SSL_get_error after the read
will probably return SSL_ERROR_SSL even if the read goes fine, causing
postgres to conclude things have failed.