homebrew-core: openssl@3.2.0 update makes psql crash when connecting with TLS

brew gist-logs <formula> link OR brew config AND brew doctor output

Error: No logs.

Please note that these warnings are just used to help the Homebrew maintainers
with debugging if you file an issue. If everything you use Homebrew for is
working fine: please don't worry or file an issue; just ignore this. Thanks!

Warning: Some installed formulae are deprecated or disabled.
You should find replacements for the following formulae:
  openssl@1.1

Verification

  • My “brew doctor output” says Your system is ready to brew. and am still able to reproduce my issue.
  • I ran brew update and am still able to reproduce my issue.
  • I have resolved all warnings from brew doctor and that did not fix my problem.
  • I searched for recent similar issues at https://github.com/Homebrew/homebrew-core/issues?q=is%3Aissue and found no duplicates.

What were you trying to do (and why)?

I’m trying to use psql from postgresql@16 to connect to a server that requires TLS.

What happened (include all command output)?

psql is crashing with a pointer error.

What did you expect to happen?

psql should connect successfully to a TLS postgresql server.

Step-by-step reproduction instructions (by running brew commands)

My issue has been fixed by downgrading `openssl@3` to `openssl` version 3.1.4

About this issue

  • Original URL
  • State: closed
  • Created 7 months ago
  • Reactions: 20
  • Comments: 26 (7 by maintainers)

Commits related to this issue

Most upvoted comments

Does someone have the steps to downgrade to 3.1.4?

curl -L https://raw.githubusercontent.com/Homebrew/homebrew-core/e68186ba5a05a6ea9a30d6c7744de9a46bd3aadd/Formula/o/openssl@3.rb > openssl@3.rb && brew install openssl@3.rb

That’s the commit that upgraded the formula from 3.1.4 to 3.2. Feel free to confirm for yourself though.

+22
tlbraams on Nov 27, 2023

Homebrew’s Postgreses now are compatible with openssl 3.2, please run brew upgrade postgresql@<YOUR POSTGRES VERSION> or brew upgrade libpq to get the fixed version.

+21
bayandin on Nov 28, 2023

Does someone have the steps to downgrade to 3.1.4?

curl -L https://raw.githubusercontent.com/Homebrew/homebrew-core/e68186ba5a05a6ea9a30d6c7744de9a46bd3aadd/Formula/o/openssl@3.rb > openssl@3.rb && brew install openssl@3.rb

That’s the commit that upgraded the formula from 3.1.4 to 3.2. Feel free to confirm for yourself though.

Thanks so much for this.

FYI to anyone who runs this: the first time I ran this, it didn’t work, giving the error:

Error: openssl@3 3.2.0 is already installed
To install 3.1.4, first run:
  brew unlink openssl@3

Following these instructions and running brew unlink openssl@3 before the above command worked for me and got postgres up and running again.

+8
aickin on Nov 27, 2023

For those curious: https://www.postgresql.org/message-id/CX9SU44GH3P4.17X6ZZUJ5D40N@neon.tech.

+3
tristan957 on Nov 27, 2023

@Bo98 thanks for your work on this! I will CC you on the email that I send to the list.

+2
tristan957 on Nov 27, 2023

psql -h xxx -p 5432 -U xxx -d xxx

psql: error: connection to server at “xxx” (x.x.x.x), port 5432 failed: FATAL: no PostqreSQL user name specified in startup packet connection to server at xxx" (x.x.x.x), port 5432 failed: FATAL no PostgreSQL user name specified in startup packet psql(6636,0x10f1de600) malloc: *** error for object 0x7f916b00bc00: pointer being freed was not allocated psql(6636,0x10f1de600) malloc: *** set a breakpoint in malloc _error break to debug

+2
kozlek on Nov 27, 2023

@thomas-shirley it was in pgsql. OpenSSL just exposed an incorrect API usage within pgsql

+1
tristan957 on Dec 15, 2023

Yes, this is a misuse of BIO_set_data from the Postgres side. This fixes it:

diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 4aeaf08312..e669bdbf1d 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1815,11 +1815,6 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
  * see sock_read() and sock_write() in OpenSSL's crypto/bio/bss_sock.c.
  */
 
-#ifndef HAVE_BIO_GET_DATA
-#define BIO_get_data(bio) (bio->ptr)
-#define BIO_set_data(bio, data) (bio->ptr = data)
-#endif
-
 /* protected by ssl_config_mutex */
 static BIO_METHOD *my_bio_methods;
 
@@ -1828,7 +1823,7 @@ my_sock_read(BIO *h, char *buf, int size)
 {
 	int			res;
 
-	res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
+	res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
 	BIO_clear_retry_flags(h);
 	if (res < 0)
 	{
@@ -1858,7 +1853,7 @@ my_sock_write(BIO *h, const char *buf, int size)
 {
 	int			res;
 
-	res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
+	res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
 	BIO_clear_retry_flags(h);
 	if (res < 0)
 	{
@@ -1968,7 +1963,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
 		SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
 		goto err;
 	}
-	BIO_set_data(bio, conn);
+	BIO_set_app_data(bio, conn);
 
 	SSL_set_bio(conn->ssl, bio, bio);
 	BIO_set_fd(bio, fd, BIO_NOCLOSE);

(+ could also remove configure checks for BIO_get_data)

+1
Bo98 on Nov 27, 2023

Does someone have the steps to downgrade to 3.1.4?

+1
apiology on Nov 27, 2023
Read more comments on GitHub
← homebrew-core: brew install gcc: postinstall broken (gcc-13)
homebrew-core: qemu: `invalid signature (code or signature have been modified)` (regression in 8.0.4, fixed in 8.0.4-1, re-regression in 8.1.0) →