On Fri, 8 Dec 2023 at 19:39, Stephen R. van den Berg srb@cuci.nl wrote:
Chris Angelico wrote:
In working on the implementation, I'm running into some trouble with SSL connections in general. As of Pike 8.1, the pgsql module uses Shuffler (this wasn't the case in Pike 8.0, but for unrelated reasons I'm not able to build Pike 8.0 on here at the moment). Non-SSL connections are fine, but SSL ones run into a problem due to sendcmd() calling shuffle->add_source(this) early in connectloop(), before the shuffler is created down below. Can anyone confirm whether or not Pike 9.0 is able to establish SSL encrypted connections in this way?
You still have problems with ssl and pgsql on 9.0?
Yeah, still unable to get a connection to succeed as of this week's latest master. I wanted to compare against Pike 8.0, but the Shuffler transformation came in since then, so I wasn't able to get a good comparison.
My best understanding of what's going on is that the opening needs to be done in blocking mode, but sendcmd() assumes that it's already nonblocking. This might be able to be solved by parameterizing it, or possibly by not using sendcmd() in the "please use SSL" packet.
There's another small issue which is that the processloop needs to wait until the SSL handshake completes, but that's easy enough (though I think I ended up making that change in the same "debug hack" commit since I wasn't sure), just needs a write callback to start the thread rather than doing it unconditionally.
ChrisA