Sean Chittenden <sean@chittenden.org> writes:
> My bet is Pg is smashing OpenSSL's stack when
> passing more than 2 chars as a salt.
I looked at the code a little bit and that doesn't seem to be the case.
On my machine the core dump seems to be because EVP_DigestUpdate is
called with a EVP_MD_CTX that's all zeroes. So I think the previous
theory about not having tracked an API change is on target after all.
Personally, I'm punting this problem in Marko's direction --- I won't
take responsibility for fixing contrib code that isn't even compiled
by default.
regards, tom lane