SSL renegotiation fails
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssl (Ubuntu) | Won't Fix | Undecided | Unassigned |
postgresql (Juju Charms Collection) | Fix Released | High | Stuart Bishop |
postgresql-9.4 (Ubuntu) | Confirmed | High | Unassigned |
Bug Description
With PostgreSQL 9.1, SSL renegotiation is enabled by default. This fails under Ubuntu 12.04, most noticeably when using streaming replication as the renegotiation limit is hit quickly.
On the master:
2012-06-25 16:16:26 PDT LOG: SSL renegotiation failure
2012-06-25 16:16:26 PDT LOG: SSL error: unexpected record
2012-06-25 16:16:26 PDT LOG: could not send data to client: Connection reset by peer
On the hot standby:
2012-06-25 11:12:11 PDT FATAL: could not receive data from WAL stream: SSL error: sslv3 alert unexpected message
2012-06-25 11:12:11 PDT LOG: record with zero length at 1C5/95D2FE00
If our SSL libraries do not support SSL renegotiation, the default setting is wrong, and perhaps warnings should be emitted if attempts are made to enable it.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: postgresql-9.1 9.1.4-0ubuntu12.04
ProcVersionSign
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Wed Jun 27 16:38:33 2012
ProcEnviron:
LANGUAGE=en_AU:en
TERM=xterm
PATH=(custom, user)
LANG=en_AU.UTF-8
SHELL=/bin/bash
SourcePackage: postgresql-9.1
UpgradeStatus: Upgraded to precise on 2012-04-27 (60 days ago)
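One way to check a server for the failure described in this report, as an added example that is not part of the original bug report or the charm's code: it scans log lines for the messages quoted above and reads the effective `ssl_renegotiation_limit` from `postgresql.conf` text. Assumptions: the log prefix is the timestamp-only format shown in the report, the PostgreSQL 9.1 default limit is 512MB, and a limit of 0 turns renegotiation off; the function names and the sample configuration are constructed for illustration.

```python
import re

# Messages quoted in the bug report (master and hot standby).
SIGNATURES = {
    "renegotiation_failure": re.compile(r"SSL renegotiation failure"),
    "unexpected_record": re.compile(r"SSL error: unexpected record"),
    "wal_stream_ssl_error": re.compile(r"could not receive data from WAL stream: SSL error"),
}
# Assumption: log_line_prefix is timestamp-only, as in the report's log lines.
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (LOG|FATAL|ERROR|WARNING):\s+(.*)$")

# Log lines copied from the report; the conf text below is constructed.
SAMPLE_LOG = [
    "2012-06-25 16:16:26 PDT LOG: SSL renegotiation failure",
    "2012-06-25 16:16:26 PDT LOG: SSL error: unexpected record",
    "2012-06-25 16:16:26 PDT LOG: could not send data to client: Connection reset by peer",
    "2012-06-25 11:12:11 PDT FATAL: could not receive data from WAL stream: SSL error: sslv3 alert unexpected message",
    "2012-06-25 11:12:11 PDT LOG: record with zero length at 1C5/95D2FE00",
]
SAMPLE_CONF = "ssl = on\n#ssl_renegotiation_limit = 512MB  # commented out\n"

def scan_log(lines):
    """Return (timestamp, severity, signature) for each line matching a signature."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, severity, msg = m.groups()
        hits += [(ts, severity, name) for name, rx in SIGNATURES.items() if rx.search(msg)]
    return hits

def renegotiation_limit(conf_text, default="512MB"):
    """Effective ssl_renegotiation_limit; the last uncommented setting wins."""
    value = default  # assumed PostgreSQL 9.1 default
    for raw in conf_text.splitlines():
        m = re.match(r"ssl_renegotiation_limit\s*=?\s*'?([^'\s]+)", raw.split("#", 1)[0].strip())
        if m:
            value = m.group(1)
    return value

def renegotiation_enabled(conf_text):
    """A limit of 0 (with or without a unit suffix) disables renegotiation."""
    digits = re.match(r"\d+", renegotiation_limit(conf_text))
    return digits is None or int(digits.group()) != 0

def affected(log_lines, conf_text):
    """True when the report's errors appear while renegotiation is still enabled."""
    return bool(scan_log(log_lines)) and renegotiation_enabled(conf_text)

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG), renegotiation_limit(SAMPLE_CONF), affected(SAMPLE_LOG, SAMPLE_CONF))
```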
Related branches
- Barry Price: Approve
- Review Queue (community): Needs Fixing (automated testing)
- charmers: Pending requested
Diff: 665 lines (+105/-87), 7 files modified
Makefile (+3/-1)
config.yaml (+72/-64)
hooks/helpers.py (+2/-4)
hooks/hooks.py (+14/-15)
hooks/test_hooks.py (+0/-1)
templates/postgresql.conf.tmpl (+13/-0)
test.py (+1/-2)
Changed in postgresql-9.1 (Ubuntu):
importance: Undecided → High
assignee: nobody → Canonical Server Team (canonical-server)
Changed in postgresql-9.1 (Ubuntu):
status: Incomplete → Confirmed
tags: added: canonical-webops
affects: postgresql-9.1 (Ubuntu) → postgresql-9.4 (Ubuntu)
Changed in postgresql-9.4 (Ubuntu):
assignee: Martin Pitt (pitti) → nobody
Changed in postgresql (Juju Charms Collection):
status: New → Triaged
importance: Undecided → High
Changed in postgresql (Juju Charms Collection):
status: Triaged → In Progress
assignee: nobody → Stuart Bishop (stub)
Changed in postgresql (Juju Charms Collection):
status: In Progress → Fix Released
Changed in openssl (Ubuntu):
status: Incomplete → Won't Fix
Added openssl, as perhaps this is supposed to be working now? Probably INVALID or WONTFIX.