Re: [exim-dev] pgsql lookup TLS access broken in 4.82 RC2 ?

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] pgsql lookup TLS access broken in 4.82 RC2 ?
On Tue, Oct 08, 2013 at 03:57:52PM +0200, Axel Rau wrote:

> It makes a difference: It now logs:
> ---
> gave DEFER: PGSQL connection failed: could not create SSL context: SSL error code 336236705


    $ printf '%X\n' 336236705
    140A90A1


which breaks-down to library == 0x14 == 20, function == 0x0A9 == 169,
reason == 0x0A1 == 161.

    $ grep 'ERR_LIB_.*20$' crypto/err/*.h
    #define ERR_LIB_SSL             20


    $ grep 'SSL_F_.*169$' ssl/ssh.h
    #define SSL_F_SSL_CTX_NEW                              169


    $ grep 'SSL_R_.*161$' ssl/ssl.h
    #define SSL_R_LIBRARY_HAS_NO_CIPHERS                   161


I am guessing this means that SSL_library_init() (aka
OpenSSL_add_ssl_algorithms()) has not yet been called, and the
PQinitOpenSSL() function with (0,0) as arguments expects that OpenSSL
has been initialized by the application.

So perhaps Exim only initializes OpenSSL as needed (first SMTP use
of TLS, ...) but uses Postgres before that.

--
    Viktor.