diff options
-rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 9 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 11 |
2 files changed, 11 insertions, 9 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index 162ac1eb7b7..ace0da9d04e 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -1465,10 +1465,11 @@ SSLerrmessage(unsigned long ecode) return errreason; /* - * In OpenSSL 3.0.0 and later, ERR_reason_error_string randomly refuses to - * map system errno values. We can cover that shortcoming with this bit - * of code. Older OpenSSL versions don't have the ERR_SYSTEM_ERROR macro, - * but that's okay because they don't have the shortcoming either. + * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system + * errno values anymore. (See OpenSSL source code for the explanation.) + * We can cover that shortcoming with this bit of code. Older OpenSSL + * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because + * they don't have the shortcoming either. */ #ifdef ERR_SYSTEM_ERROR if (ERR_SYSTEM_ERROR(ecode)) diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 5c867106fb0..b6fffd7b9b0 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1759,15 +1759,16 @@ SSLerrmessage(unsigned long ecode) #endif /* - * In OpenSSL 3.0.0 and later, ERR_reason_error_string randomly refuses to - * map system errno values. We can cover that shortcoming with this bit - * of code. Older OpenSSL versions don't have the ERR_SYSTEM_ERROR macro, - * but that's okay because they don't have the shortcoming either. + * In OpenSSL 3.0.0 and later, ERR_reason_error_string does not map system + * errno values anymore. (See OpenSSL source code for the explanation.) + * We can cover that shortcoming with this bit of code. Older OpenSSL + * versions don't have the ERR_SYSTEM_ERROR macro, but that's okay because + * they don't have the shortcoming either. */ #ifdef ERR_SYSTEM_ERROR if (ERR_SYSTEM_ERROR(ecode)) { - strlcpy(errbuf, strerror(ERR_GET_REASON(ecode)), SSL_ERR_LEN); + strerror_r(ERR_GET_REASON(ecode), errbuf, SSL_ERR_LEN); return errbuf; } #endif |