aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/backend/libpq/be-secure-openssl.c9
-rw-r--r--src/interfaces/libpq/fe-secure-openssl.c11
2 files changed, 11 insertions, 9 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 162ac1eb7b7..ace0da9d04e 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -1465,10 +1465,11 @@ SSLerrmessage(unsigned long ecode)
return errreason;
/*
- * In OpenSSL 3.0.0 and later, ERR_reason_error_string randomly refuses to
- * map system errno values. We can cover that shortcoming with this bit
- * of code. Older OpenSSL versions don't have the ERR_SYSTEM_ERROR macro,
- * but that's okay because they don't have the shortcoming either.
+ * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system
+ * errno values anymore. (See OpenSSL source code for the explanation.)
+ * We can cover that shortcoming with this bit of code. Older OpenSSL
+ * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because
+ * they don't have the shortcoming either.
*/
#ifdef ERR_SYSTEM_ERROR
if (ERR_SYSTEM_ERROR(ecode))
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 5c867106fb0..b6fffd7b9b0 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1759,15 +1759,16 @@ SSLerrmessage(unsigned long ecode)
#endif
/*
- * In OpenSSL 3.0.0 and later, ERR_reason_error_string randomly refuses to
- * map system errno values. We can cover that shortcoming with this bit
- * of code. Older OpenSSL versions don't have the ERR_SYSTEM_ERROR macro,
- * but that's okay because they don't have the shortcoming either.
+ * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system
+ * errno values anymore. (See OpenSSL source code for the explanation.)
+ * We can cover that shortcoming with this bit of code. Older OpenSSL
+ * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because
+ * they don't have the shortcoming either.
*/
#ifdef ERR_SYSTEM_ERROR
if (ERR_SYSTEM_ERROR(ecode))
{
- strlcpy(errbuf, strerror(ERR_GET_REASON(ecode)), SSL_ERR_LEN);
+ strerror_r(ERR_GET_REASON(ecode), errbuf, SSL_ERR_LEN);
return errbuf;
}
#endif