2 files changed, 67 insertions, 18 deletions

diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c
index 17dde4aecc4..02e011e1eb0 100644
--- a/src/interfaces/libpq/fe-misc.c
+++ b/src/interfaces/libpq/fe-misc.c
@@ -647,7 +647,9 @@ retry3:
 		if (SOCK_ERRNO == ECONNRESET)
 			goto definitelyFailed;
 #endif
-		printfPQExpBuffer(&conn->errorMessage,
+		/* in SSL mode, pqsecure_read set the error message */
+		if (conn->ssl == NULL)
+			printfPQExpBuffer(&conn->errorMessage,
 				   libpq_gettext("could not receive data from server: %s\n"),
 						  SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
 		return -1;
@@ -737,7 +739,9 @@ retry4:
 		if (SOCK_ERRNO == ECONNRESET)
 			goto definitelyFailed;
 #endif
-		printfPQExpBuffer(&conn->errorMessage,
+		/* in SSL mode, pqsecure_read set the error message */
+		if (conn->ssl == NULL)
+			printfPQExpBuffer(&conn->errorMessage,
 				   libpq_gettext("could not receive data from server: %s\n"),
 						  SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
 		return -1;
@@ -753,8 +757,10 @@ retry4:
 	 * means the connection has been closed.  Cope.
 	 */
 definitelyFailed:
-	printfPQExpBuffer(&conn->errorMessage,
-					  libpq_gettext(
+	/* in SSL mode, pqsecure_read set the error message */
+	if (conn->ssl == NULL)
+		printfPQExpBuffer(&conn->errorMessage,
+						  libpq_gettext(
 								"server closed the connection unexpectedly\n"
 				   "\tThis probably means the server terminated abnormally\n"
 							 "\tbefore or while processing the request.\n"));
@@ -831,8 +837,10 @@ pqSendSome(PGconn *conn, int len)
 #ifdef ECONNRESET
 				case ECONNRESET:
 #endif
-					printfPQExpBuffer(&conn->errorMessage,
-									  libpq_gettext(
+					/* in SSL mode, pqsecure_write set the error message */
+					if (conn->ssl == NULL)
+						printfPQExpBuffer(&conn->errorMessage,
+										  libpq_gettext(
 								"server closed the connection unexpectedly\n"
 					"\tThis probably means the server terminated abnormally\n"
 							 "\tbefore or while processing the request.\n"));
@@ -849,7 +857,9 @@ pqSendSome(PGconn *conn, int len)
 					return -1;
 
 				default:
-					printfPQExpBuffer(&conn->errorMessage,
+					/* in SSL mode, pqsecure_write set the error message */
+					if (conn->ssl == NULL)
+						printfPQExpBuffer(&conn->errorMessage,
 						libpq_gettext("could not send data to server: %s\n"),
 							SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
 					/* We don't assume it's a fatal error... */
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 9319f972c81..6e0fbd3a390 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -302,6 +302,11 @@ pqsecure_close(PGconn *conn)
 
 /*
  *	Read data from a secure connection.
+ *
+ * If SSL is in use, this function is responsible for putting a suitable
+ * message into conn->errorMessage upon error; but the caller does that
+ * when not using SSL.  In either case, caller uses the returned errno
+ * to decide whether to continue/retry after error.
  */
 ssize_t
 pqsecure_read(PGconn *conn, void *ptr, size_t len)
@@ -325,6 +330,13 @@ rloop:
 		switch (err)
 		{
 			case SSL_ERROR_NONE:
+				if (n < 0)
+				{
+					printfPQExpBuffer(&conn->errorMessage,
+									  libpq_gettext("SSL_read failed but did not provide error information\n"));
+					/* assume the connection is broken */
+					SOCK_ERRNO_SET(ECONNRESET);
+				}
 				break;
 			case SSL_ERROR_WANT_READ:
 				n = 0;
@@ -342,7 +354,7 @@ rloop:
 				{
 					char		sebuf[256];
 
-					if (n == -1)
+					if (n < 0)
 					{
 						REMEMBER_EPIPE(spinfo, SOCK_ERRNO == EPIPE);
 						printfPQExpBuffer(&conn->errorMessage,
@@ -353,7 +365,7 @@ rloop:
 					{
 						printfPQExpBuffer(&conn->errorMessage,
 						 libpq_gettext("SSL SYSCALL error: EOF detected\n"));
-
+						/* assume the connection is broken */
 						SOCK_ERRNO_SET(ECONNRESET);
 						n = -1;
 					}
@@ -361,14 +373,19 @@ rloop:
 				}
 			case SSL_ERROR_SSL:
 				{
-					char	   *err = SSLerrmessage();
+					char	   *errm = SSLerrmessage();
 
 					printfPQExpBuffer(&conn->errorMessage,
-									  libpq_gettext("SSL error: %s\n"), err);
-					SSLerrfree(err);
+									  libpq_gettext("SSL error: %s\n"), errm);
+					SSLerrfree(errm);
+					/* assume the connection is broken */
+					SOCK_ERRNO_SET(ECONNRESET);
+					n = -1;
+					break;
 				}
-				/* fall through */
 			case SSL_ERROR_ZERO_RETURN:
+				printfPQExpBuffer(&conn->errorMessage,
+								  libpq_gettext("SSL connection has been closed unexpectedly\n"));
 				SOCK_ERRNO_SET(ECONNRESET);
 				n = -1;
 				break;
@@ -376,6 +393,8 @@ rloop:
 				printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("unrecognized SSL error code: %d\n"),
 								  err);
+				/* assume the connection is broken */
+				SOCK_ERRNO_SET(ECONNRESET);
 				n = -1;
 				break;
 		}
@@ -391,6 +410,11 @@ rloop:
 
 /*
  *	Write data to a secure connection.
+ *
+ * If SSL is in use, this function is responsible for putting a suitable
+ * message into conn->errorMessage upon error; but the caller does that
+ * when not using SSL.  In either case, caller uses the returned errno
+ * to decide whether to continue/retry after error.
  */
 ssize_t
 pqsecure_write(PGconn *conn, const void *ptr, size_t len)
@@ -412,6 +436,13 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len)
 		switch (err)
 		{
 			case SSL_ERROR_NONE:
+				if (n < 0)
+				{
+					printfPQExpBuffer(&conn->errorMessage,
+									  libpq_gettext("SSL_write failed but did not provide error information\n"));
+					/* assume the connection is broken */
+					SOCK_ERRNO_SET(ECONNRESET);
+				}
 				break;
 			case SSL_ERROR_WANT_READ:
 
@@ -429,7 +460,7 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len)
 				{
 					char		sebuf[256];
 
-					if (n == -1)
+					if (n < 0)
 					{
 						REMEMBER_EPIPE(spinfo, SOCK_ERRNO == EPIPE);
 						printfPQExpBuffer(&conn->errorMessage,
@@ -440,6 +471,7 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len)
 					{
 						printfPQExpBuffer(&conn->errorMessage,
 						 libpq_gettext("SSL SYSCALL error: EOF detected\n"));
+						/* assume the connection is broken */
 						SOCK_ERRNO_SET(ECONNRESET);
 						n = -1;
 					}
@@ -447,14 +479,19 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len)
 				}
 			case SSL_ERROR_SSL:
 				{
-					char	   *err = SSLerrmessage();
+					char	   *errm = SSLerrmessage();
 
 					printfPQExpBuffer(&conn->errorMessage,
-									  libpq_gettext("SSL error: %s\n"), err);
-					SSLerrfree(err);
+									  libpq_gettext("SSL error: %s\n"), errm);
+					SSLerrfree(errm);
+					/* assume the connection is broken */
+					SOCK_ERRNO_SET(ECONNRESET);
+					n = -1;
+					break;
 				}
-				/* fall through */
 			case SSL_ERROR_ZERO_RETURN:
+				printfPQExpBuffer(&conn->errorMessage,
+								  libpq_gettext("SSL connection has been closed unexpectedly\n"));
 				SOCK_ERRNO_SET(ECONNRESET);
 				n = -1;
 				break;
@@ -462,6 +499,8 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len)
 				printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("unrecognized SSL error code: %d\n"),
 								  err);
+				/* assume the connection is broken */
+				SOCK_ERRNO_SET(ECONNRESET);
 				n = -1;
 				break;
 		}