Use Go1.11 module (#5743)

* Migrate to go modules

* make vendor

* Update mvdan.cc/xurls

* make vendor

* Update code.gitea.io/git

* make fmt-check

* Update github.com/go-sql-driver/mysql

* make vendor

vendor/github.com/lib/pq/.gitignore

@@ -0,0 +1,4 @@
+.db
+*.test
+*~
+*.swp

vendor/github.com/lib/pq/.travis.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -eu
+
+client_configure() {
+	sudo chmod 600 $PQSSLCERTTEST_PATH/postgresql.key
+}
+
+pgdg_repository() {
+	local sourcelist='sources.list.d/postgresql.list'
+
+	curl -sS 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' | sudo apt-key add -
+	echo deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main $PGVERSION | sudo tee "/etc/apt/$sourcelist"
+	sudo apt-get -o Dir::Etc::sourcelist="$sourcelist" -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' update
+}
+
+postgresql_configure() {
+	sudo tee /etc/postgresql/$PGVERSION/main/pg_hba.conf > /dev/null <<-config
+		local     all         all                               trust
+		hostnossl all         pqgossltest 127.0.0.1/32          reject
+		hostnossl all         pqgosslcert 127.0.0.1/32          reject
+		hostssl   all         pqgossltest 127.0.0.1/32          trust
+		hostssl   all         pqgosslcert 127.0.0.1/32          cert
+		host      all         all         127.0.0.1/32          trust
+		hostnossl all         pqgossltest ::1/128               reject
+		hostnossl all         pqgosslcert ::1/128               reject
+		hostssl   all         pqgossltest ::1/128               trust
+		hostssl   all         pqgosslcert ::1/128               cert
+		host      all         all         ::1/128               trust
+	config
+
+	xargs sudo install -o postgres -g postgres -m 600 -t /var/lib/postgresql/$PGVERSION/main/ <<-certificates
+		certs/root.crt
+		certs/server.crt
+		certs/server.key
+	certificates
+
+	sort -VCu <<-versions ||
+		$PGVERSION
+		9.2
+	versions
+	sudo tee -a /etc/postgresql/$PGVERSION/main/postgresql.conf > /dev/null <<-config
+		ssl_ca_file   = 'root.crt'
+		ssl_cert_file = 'server.crt'
+		ssl_key_file  = 'server.key'
+	config
+
+	echo 127.0.0.1 postgres | sudo tee -a /etc/hosts > /dev/null
+
+	sudo service postgresql restart
+}
+
+postgresql_install() {
+	xargs sudo apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confnew' install <<-packages
+		postgresql-$PGVERSION
+		postgresql-server-dev-$PGVERSION
+		postgresql-contrib-$PGVERSION
+	packages
+}
+
+postgresql_uninstall() {
+	sudo service postgresql stop
+	xargs sudo apt-get -y --purge remove <<-packages
+		libpq-dev
+		libpq5
+		postgresql
+		postgresql-client-common
+		postgresql-common
+	packages
+	sudo rm -rf /var/lib/postgresql
+}
+
+megacheck_install() {
+	# Lock megacheck version at $MEGACHECK_VERSION to prevent spontaneous
+	# new error messages in old code.
+	go get -d honnef.co/go/tools/...
+	git -C $GOPATH/src/honnef.co/go/tools/ checkout $MEGACHECK_VERSION
+	go install honnef.co/go/tools/cmd/megacheck
+	megacheck --version
+}
+
+golint_install() {
+	go get github.com/golang/lint/golint
+}
+
+$1

vendor/github.com/lib/pq/.travis.yml

@@ -0,0 +1,50 @@
+language: go
+
+go:
+  - 1.8.x
+  - 1.9.x
+  - 1.10.x
+  - master
+
+sudo: true
+
+env:
+  global:
+    - PGUSER=postgres
+    - PQGOSSLTESTS=1
+    - PQSSLCERTTEST_PATH=$PWD/certs
+    - PGHOST=127.0.0.1
+    - MEGACHECK_VERSION=2017.2.2
+  matrix:
+    - PGVERSION=10
+    - PGVERSION=9.6
+    - PGVERSION=9.5
+    - PGVERSION=9.4
+    - PGVERSION=9.3
+    - PGVERSION=9.2
+    - PGVERSION=9.1
+    - PGVERSION=9.0
+
+before_install:
+  - ./.travis.sh postgresql_uninstall
+  - ./.travis.sh pgdg_repository
+  - ./.travis.sh postgresql_install
+  - ./.travis.sh postgresql_configure
+  - ./.travis.sh client_configure
+  - ./.travis.sh megacheck_install
+  - ./.travis.sh golint_install
+  - go get golang.org/x/tools/cmd/goimports
+
+before_script:
+  - createdb pqgotest
+  - createuser -DRS pqgossltest
+  - createuser -DRS pqgosslcert
+
+script:
+  - >
+    goimports -d -e $(find -name '*.go') | awk '{ print } END { exit NR == 0 ? 0 : 1 }'
+  - go vet ./...
+  - megacheck -go 1.8 ./...
+  - golint ./...
+  - PQTEST_BINARY_PARAMETERS=no  go test -race -v ./...
+  - PQTEST_BINARY_PARAMETERS=yes go test -race -v ./...

vendor/github.com/lib/pq/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+## Contributing to pq
+
+`pq` has a backlog of pull requests, but contributions are still very
+much welcome. You can help with patch review, submitting bug reports,
+or adding new functionality. There is no formal style guide, but
+please conform to the style of existing code and general Go formatting
+conventions when submitting patches.
+
+### Patch review
+
+Help review existing open pull requests by commenting on the code or
+proposed functionality.
+
+### Bug reports
+
+We appreciate any bug reports, but especially ones with self-contained
+(doesn't depend on code outside of pq), minimal (can't be simplified
+further) test cases. It's especially helpful if you can submit a pull
+request with just the failing test case (you'll probably want to
+pattern it after the tests in
+[conn_test.go](https://github.com/lib/pq/blob/master/conn_test.go).
+
+### New functionality
+
+There are a number of pending patches for new functionality, so
+additional feature patches will take a while to merge. Still, patches
+are generally reviewed based on usefulness and complexity in addition
+to time-in-queue, so if you have a knockout idea, take a shot. Feel
+free to open an issue discussion your proposed patch beforehand.

vendor/github.com/lib/pq/README.md

@@ -0,0 +1,95 @@
+# pq - A pure Go postgres driver for Go's database/sql package
+
+[![GoDoc](https://godoc.org/github.com/lib/pq?status.svg)](https://godoc.org/github.com/lib/pq)
+[![Build Status](https://travis-ci.org/lib/pq.svg?branch=master)](https://travis-ci.org/lib/pq)
+
+## Install
+
+	go get github.com/lib/pq
+
+## Docs
+
+For detailed documentation and basic usage examples, please see the package
+documentation at <http://godoc.org/github.com/lib/pq>.
+
+## Tests
+
+`go test` is used for testing.  See [TESTS.md](TESTS.md) for more details.
+
+## Features
+
+* SSL
+* Handles bad connections for `database/sql`
+* Scan `time.Time` correctly (i.e. `timestamp[tz]`, `time[tz]`, `date`)
+* Scan binary blobs correctly (i.e. `bytea`)
+* Package for `hstore` support
+* COPY FROM support
+* pq.ParseURL for converting urls to connection strings for sql.Open.
+* Many libpq compatible environment variables
+* Unix socket support
+* Notifications: `LISTEN`/`NOTIFY`
+* pgpass support
+
+## Future / Things you can help with
+
+* Better COPY FROM / COPY TO (see discussion in #181)
+
+## Thank you (alphabetical)
+
+Some of these contributors are from the original library `bmizerany/pq.go` whose
+code still exists in here.
+
+* Andy Balholm (andybalholm)
+* Ben Berkert (benburkert)
+* Benjamin Heatwole (bheatwole)
+* Bill Mill (llimllib)
+* Bjørn Madsen (aeons)
+* Blake Gentry (bgentry)
+* Brad Fitzpatrick (bradfitz)
+* Charlie Melbye (cmelbye)
+* Chris Bandy (cbandy)
+* Chris Gilling (cgilling)
+* Chris Walsh (cwds)
+* Dan Sosedoff (sosedoff)
+* Daniel Farina (fdr)
+* Eric Chlebek (echlebek)
+* Eric Garrido (minusnine)
+* Eric Urban (hydrogen18)
+* Everyone at The Go Team
+* Evan Shaw (edsrzf)
+* Ewan Chou (coocood)
+* Fazal Majid (fazalmajid)
+* Federico Romero (federomero)
+* Fumin (fumin)
+* Gary Burd (garyburd)
+* Heroku (heroku)
+* James Pozdena (jpoz)
+* Jason McVetta (jmcvetta)
+* Jeremy Jay (pbnjay)
+* Joakim Sernbrant (serbaut)
+* John Gallagher (jgallagher)
+* Jonathan Rudenberg (titanous)
+* Joël Stemmer (jstemmer)
+* Kamil Kisiel (kisielk)
+* Kelly Dunn (kellydunn)
+* Keith Rarick (kr)
+* Kir Shatrov (kirs)
+* Lann Martin (lann)
+* Maciek Sakrejda (uhoh-itsmaciek)
+* Marc Brinkmann (mbr)
+* Marko Tiikkaja (johto)
+* Matt Newberry (MattNewberry)
+* Matt Robenolt (mattrobenolt)
+* Martin Olsen (martinolsen)
+* Mike Lewis (mikelikespie)
+* Nicolas Patry (Narsil)
+* Oliver Tonnhofer (olt)
+* Patrick Hayes (phayes)
+* Paul Hammond (paulhammond)
+* Ryan Smith (ryandotsmith)
+* Samuel Stauffer (samuel)
+* Timothée Peignier (cyberdelia)
+* Travis Cline (tmc)
+* TruongSinh Tran-Nguyen (truongsinh)
+* Yaismel Miranda (ympons)
+* notedit (notedit)

vendor/github.com/lib/pq/TESTS.md

@@ -0,0 +1,33 @@
+# Tests
+
+## Running Tests
+
+`go test` is used for testing. A running PostgreSQL
+server is required, with the ability to log in. The
+database to connect to test with is "pqgotest," on
+"localhost" but these can be overridden using [environment
+variables](https://www.postgresql.org/docs/9.3/static/libpq-envars.html).
+
+Example:
+
+	PGHOST=/run/postgresql go test
+
+## Benchmarks
+
+A benchmark suite can be run as part of the tests:
+
+	go test -bench .
+
+## Example setup (Docker)
+
+Run a postgres container:
+
+```
+docker run --expose 5432:5432 postgres
+```
+
+Run tests:
+
+```
+PGHOST=localhost PGPORT=5432 PGUSER=postgres PGSSLMODE=disable PGDATABASE=postgres go test
+```

vendor/github.com/lib/pq/conn.go

@@ -35,8 +35,12 @@ var (
 	errNoLastInsertID  = errors.New("no LastInsertId available after the empty statement")
 )
 
+// Driver is the Postgres database driver.
 type Driver struct{}
 
+// Open opens a new connection to the database. name is a connection string.
+// Most users should only use it through database/sql package from the standard
+// library.
 func (d *Driver) Open(name string) (driver.Conn, error) {
 	return Open(name)
 }
@@ -78,6 +82,8 @@ func (s transactionStatus) String() string {
 	panic("not reached")
 }
 
+// Dialer is the dialer interface. It can be used to obtain more control over
+// how pq creates network connections.
 type Dialer interface {
 	Dial(network, address string) (net.Conn, error)
 	DialTimeout(network, address string, timeout time.Duration) (net.Conn, error)
@@ -238,10 +244,14 @@ func (cn *conn) writeBuf(b byte) *writeBuf {
 	}
 }
 
+// Open opens a new connection to the database. name is a connection string.
+// Most users should only use it through database/sql package from the standard
+// library.
 func Open(name string) (_ driver.Conn, err error) {
 	return DialOpen(defaultDialer{}, name)
 }
 
+// DialOpen opens a new connection to the database using a dialer.
 func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
 	// Handle any panics during connection initialization.  Note that we
 	// specifically do *not* want to use errRecover(), as that would turn any
@@ -329,7 +339,20 @@ func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
 	if err != nil {
 		return nil, err
 	}
-	cn.ssl(o)
+
+	err = cn.ssl(o)
+	if err != nil {
+		return nil, err
+	}
+
+	// cn.startup panics on error. Make sure we don't leak cn.c.
+	panicking := true
+	defer func() {
+		if panicking {
+			cn.c.Close()
+		}
+	}()
+
 	cn.buf = bufio.NewReader(cn.c)
 	cn.startup(o)
 
@@ -337,6 +360,7 @@ func DialOpen(d Dialer, name string) (_ driver.Conn, err error) {
 	if timeout, ok := o["connect_timeout"]; ok && timeout != "0" {
 		err = cn.c.SetDeadline(time.Time{})
 	}
+	panicking = false
 	return cn, err
 }
 
@@ -1009,30 +1033,35 @@ func (cn *conn) recv1() (t byte, r *readBuf) {
 	return t, r
 }
 
-func (cn *conn) ssl(o values) {
-	upgrade := ssl(o)
+func (cn *conn) ssl(o values) error {
+	upgrade, err := ssl(o)
+	if err != nil {
+		return err
+	}
+
 	if upgrade == nil {
 		// Nothing to do
-		return
+		return nil
 	}
 
 	w := cn.writeBuf(0)
 	w.int32(80877103)
-	if err := cn.sendStartupPacket(w); err != nil {
-		panic(err)
+	if err = cn.sendStartupPacket(w); err != nil {
+		return err
 	}
 
 	b := cn.scratch[:1]
-	_, err := io.ReadFull(cn.c, b)
+	_, err = io.ReadFull(cn.c, b)
 	if err != nil {
-		panic(err)
+		return err
 	}
 
 	if b[0] != 'S' {
-		panic(ErrSSLNotSupported)
+		return ErrSSLNotSupported
 	}
 
-	cn.c = upgrade(cn.c)
+	cn.c, err = upgrade(cn.c)
+	return err
 }
 
 // isDriverSetting returns true iff a setting is purely for configuring the
@@ -1432,7 +1461,8 @@ func (rs *rows) NextResultSet() error {
 //
 //    tblname := "my_table"
 //    data := "my_data"
-//    err = db.Exec(fmt.Sprintf("INSERT INTO %s VALUES ($1)", pq.QuoteIdentifier(tblname)), data)
+//    quoted := pq.QuoteIdentifier(tblname)
+//    err := db.Exec(fmt.Sprintf("INSERT INTO %s VALUES ($1)", quoted), data)
 //
 // Any double quotes in name will be escaped.  The quoted identifier will be
 // case sensitive when used in a query.  If the input string contains a zero

vendor/github.com/lib/pq/conn_go18.go

@@ -108,7 +108,10 @@ func (cn *conn) cancel() error {
 		can := conn{
 			c: c,
 		}
-		can.ssl(cn.opts)
+		err = can.ssl(cn.opts)
+		if err != nil {
+			return err
+		}
 
 		w := can.writeBuf(0)
 		w.int32(80877102) // cancel request code

vendor/github.com/lib/pq/connector.go

@@ -0,0 +1,43 @@
+// +build go1.10
+
+package pq
+
+import (
+	"context"
+	"database/sql/driver"
+)
+
+// Connector represents a fixed configuration for the pq driver with a given
+// name. Connector satisfies the database/sql/driver Connector interface and
+// can be used to create any number of DB Conn's via the database/sql OpenDB
+// function.
+//
+// See https://golang.org/pkg/database/sql/driver/#Connector.
+// See https://golang.org/pkg/database/sql/#OpenDB.
+type connector struct {
+	name string
+}
+
+// Connect returns a connection to the database using the fixed configuration
+// of this Connector. Context is not used.
+func (c *connector) Connect(_ context.Context) (driver.Conn, error) {
+	return (&Driver{}).Open(c.name)
+}
+
+// Driver returnst the underlying driver of this Connector.
+func (c *connector) Driver() driver.Driver {
+	return &Driver{}
+}
+
+var _ driver.Connector = &connector{}
+
+// NewConnector returns a connector for the pq driver in a fixed configuration
+// with the given name. The returned connector can be used to create any number
+// of equivalent Conn's. The returned connector is intended to be used with
+// database/sql.OpenDB.
+//
+// See https://golang.org/pkg/database/sql/driver/#Connector.
+// See https://golang.org/pkg/database/sql/#OpenDB.
+func NewConnector(name string) (driver.Connector, error) {
+	return &connector{name: name}, nil
+}

vendor/github.com/lib/pq/doc.go

@@ -11,7 +11,8 @@ using this package directly. For example:
 	)
 
 	func main() {
-		db, err := sql.Open("postgres", "user=pqgotest dbname=pqgotest sslmode=verify-full")
+		connStr := "user=pqgotest dbname=pqgotest sslmode=verify-full"
+		db, err := sql.Open("postgres", connStr)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -23,7 +24,8 @@ using this package directly. For example:
 
 You can also connect to a database using a URL. For example:
 
-	db, err := sql.Open("postgres", "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full")
+	connStr := "postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full"
+	db, err := sql.Open("postgres", connStr)
 
 
 Connection String Parameters
@@ -43,21 +45,28 @@ supported:
 	* dbname - The name of the database to connect to
 	* user - The user to sign in as
 	* password - The user's password
-	* host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
+	* host - The host to connect to. Values that start with / are for unix
+	  domain sockets. (default is localhost)
 	* port - The port to bind to. (default is 5432)
-	* sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
+	* sslmode - Whether or not to use SSL (default is require, this is not
+	  the default for libpq)
 	* fallback_application_name - An application_name to fall back to if one isn't provided.
-	* connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
+	* connect_timeout - Maximum wait for connection, in seconds. Zero or
+	  not specified means wait indefinitely.
 	* sslcert - Cert file location. The file must contain PEM encoded data.
 	* sslkey - Key file location. The file must contain PEM encoded data.
-	* sslrootcert - The location of the root certificate file. The file must contain PEM encoded data.
+	* sslrootcert - The location of the root certificate file. The file
+	  must contain PEM encoded data.
 
 Valid values for sslmode are:
 
 	* disable - No SSL
 	* require - Always SSL (skip verification)
-	* verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
-	* verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
+	* verify-ca - Always SSL (verify that the certificate presented by the
+	  server was signed by a trusted CA)
+	* verify-full - Always SSL (verify that the certification presented by
+	  the server was signed by a trusted CA and the server host name
+	  matches the one in the certificate)
 
 See http://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING
 for more information about connection string parameters.
@@ -68,7 +77,7 @@ Use single quotes for values that contain whitespace:
 
 A backslash will escape the next character in values:
 
-    "user=space\ man password='it\'s valid'
+    "user=space\ man password='it\'s valid'"
 
 Note that the connection parameter client_encoding (which sets the
 text encoding for the connection) may be set but must be "UTF8",
@@ -129,7 +138,8 @@ This package returns the following types for values from the PostgreSQL backend:
 	- integer types smallint, integer, and bigint are returned as int64
 	- floating-point types real and double precision are returned as float64
 	- character types char, varchar, and text are returned as string
-	- temporal types date, time, timetz, timestamp, and timestamptz are returned as time.Time
+	- temporal types date, time, timetz, timestamp, and timestamptz are
+	  returned as time.Time
 	- the boolean type is returned as bool
 	- the bytea type is returned as []byte
 
@@ -229,7 +239,7 @@ for more information).  Note that the channel name will be truncated to 63
 bytes by the PostgreSQL server.
 
 You can find a complete, working example of Listener usage at
-http://godoc.org/github.com/lib/pq/listen_example.
+http://godoc.org/github.com/lib/pq/example/listen.
 
 */
 package pq

vendor/github.com/lib/pq/error.go

@@ -153,6 +153,7 @@ var errorCodeNames = map[ErrorCode]string{
 	"22004": "null_value_not_allowed",
 	"22002": "null_value_no_indicator_parameter",
 	"22003": "numeric_value_out_of_range",
+	"2200H": "sequence_generator_limit_exceeded",
 	"22026": "string_data_length_mismatch",
 	"22001": "string_data_right_truncation",
 	"22011": "substring_error",
@@ -459,6 +460,11 @@ func errorf(s string, args ...interface{}) {
 	panic(fmt.Errorf("pq: %s", fmt.Sprintf(s, args...)))
 }
 
+// TODO(ainar-g) Rename to errorf after removing panics.
+func fmterrorf(s string, args ...interface{}) error {
+	return fmt.Errorf("pq: %s", fmt.Sprintf(s, args...))
+}
+
 func errRecoverNoErrBadConn(err *error) {
 	e := recover()
 	if e == nil {
@@ -487,7 +493,8 @@ func (c *conn) errRecover(err *error) {
 			*err = v
 		}
 	case *net.OpError:
-		*err = driver.ErrBadConn
+		c.bad = true
+		*err = v
 	case error:
 		if v == io.EOF || v.(error).Error() == "remote error: handshake failure" {
 			*err = driver.ErrBadConn

vendor/github.com/lib/pq/go.mod

@@ -0,0 +1 @@
+module github.com/lib/pq

vendor/github.com/lib/pq/notify.go

@@ -60,7 +60,7 @@ type ListenerConn struct {
 	replyChan chan message
 }
 
-// Creates a new ListenerConn.  Use NewListener instead.
+// NewListenerConn creates a new ListenerConn. Use NewListener instead.
 func NewListenerConn(name string, notificationChan chan<- *Notification) (*ListenerConn, error) {
 	return newDialListenerConn(defaultDialer{}, name, notificationChan)
 }
@@ -214,17 +214,17 @@ func (l *ListenerConn) listenerConnMain() {
 	// this ListenerConn is done
 }
 
-// Send a LISTEN query to the server.  See ExecSimpleQuery.
+// Listen sends a LISTEN query to the server. See ExecSimpleQuery.
 func (l *ListenerConn) Listen(channel string) (bool, error) {
 	return l.ExecSimpleQuery("LISTEN " + QuoteIdentifier(channel))
 }
 
-// Send an UNLISTEN query to the server.  See ExecSimpleQuery.
+// Unlisten sends an UNLISTEN query to the server. See ExecSimpleQuery.
 func (l *ListenerConn) Unlisten(channel string) (bool, error) {
 	return l.ExecSimpleQuery("UNLISTEN " + QuoteIdentifier(channel))
 }
 
-// Send `UNLISTEN *` to the server.  See ExecSimpleQuery.
+// UnlistenAll sends an `UNLISTEN *` query to the server. See ExecSimpleQuery.
 func (l *ListenerConn) UnlistenAll() (bool, error) {
 	return l.ExecSimpleQuery("UNLISTEN *")
 }
@@ -267,8 +267,8 @@ func (l *ListenerConn) sendSimpleQuery(q string) (err error) {
 	return nil
 }
 
-// Execute a "simple query" (i.e. one with no bindable parameters) on the
-// connection.  The possible return values are:
+// ExecSimpleQuery executes a "simple query" (i.e. one with no bindable
+// parameters) on the connection. The possible return values are:
 //   1) "executed" is true; the query was executed to completion on the
 //      database server.  If the query failed, err will be set to the error
 //      returned by the database, otherwise err will be nil.
@@ -333,6 +333,7 @@ func (l *ListenerConn) ExecSimpleQuery(q string) (executed bool, err error) {
 	}
 }
 
+// Close closes the connection.
 func (l *ListenerConn) Close() error {
 	l.connectionLock.Lock()
 	if l.err != nil {
@@ -346,7 +347,7 @@ func (l *ListenerConn) Close() error {
 	return l.cn.c.Close()
 }
 
-// Err() returns the reason the connection was closed.  It is not safe to call
+// Err returns the reason the connection was closed. It is not safe to call
 // this function until l.Notify has been closed.
 func (l *ListenerConn) Err() error {
 	return l.err
@@ -354,32 +355,43 @@ func (l *ListenerConn) Err() error {
 
 var errListenerClosed = errors.New("pq: Listener has been closed")
 
+// ErrChannelAlreadyOpen is returned from Listen when a channel is already
+// open.
 var ErrChannelAlreadyOpen = errors.New("pq: channel is already open")
+
+// ErrChannelNotOpen is returned from Unlisten when a channel is not open.
 var ErrChannelNotOpen = errors.New("pq: channel is not open")
 
+// ListenerEventType is an enumeration of listener event types.
 type ListenerEventType int
 
 const (
-	// Emitted only when the database connection has been initially
-	// initialized.  err will always be nil.
+	// ListenerEventConnected is emitted only when the database connection
+	// has been initially initialized. The err argument of the callback
+	// will always be nil.
 	ListenerEventConnected ListenerEventType = iota
 
-	// Emitted after a database connection has been lost, either because of an
-	// error or because Close has been called.  err will be set to the reason
-	// the database connection was lost.
+	// ListenerEventDisconnected is emitted after a database connection has
+	// been lost, either because of an error or because Close has been
+	// called. The err argument will be set to the reason the database
+	// connection was lost.
 	ListenerEventDisconnected
 
-	// Emitted after a database connection has been re-established after
-	// connection loss.  err will always be nil.  After this event has been
-	// emitted, a nil pq.Notification is sent on the Listener.Notify channel.
+	// ListenerEventReconnected is emitted after a database connection has
+	// been re-established after connection loss. The err argument of the
+	// callback will always be nil. After this event has been emitted, a
+	// nil pq.Notification is sent on the Listener.Notify channel.
 	ListenerEventReconnected
 
-	// Emitted after a connection to the database was attempted, but failed.
-	// err will be set to an error describing why the connection attempt did
-	// not succeed.
+	// ListenerEventConnectionAttemptFailed is emitted after a connection
+	// to the database was attempted, but failed. The err argument will be
+	// set to an error describing why the connection attempt did not
+	// succeed.
 	ListenerEventConnectionAttemptFailed
 )
 
+// EventCallbackType is the event callback type. See also ListenerEventType
+// constants' documentation.
 type EventCallbackType func(event ListenerEventType, err error)
 
 // Listener provides an interface for listening to notifications from a
@@ -454,9 +466,9 @@ func NewDialListener(d Dialer,
 	return l
 }
 
-// Returns the notification channel for this listener.  This is the same
-// channel as Notify, and will not be recreated during the life time of the
-// Listener.
+// NotificationChannel returns the notification channel for this listener.
+// This is the same channel as Notify, and will not be recreated during the
+// life time of the Listener.
 func (l *Listener) NotificationChannel() <-chan *Notification {
 	return l.Notify
 }
@@ -625,7 +637,7 @@ func (l *Listener) disconnectCleanup() error {
 // after the connection has been established.
 func (l *Listener) resync(cn *ListenerConn, notificationChan <-chan *Notification) error {
 	doneChan := make(chan error)
-	go func() {
+	go func(notificationChan <-chan *Notification) {
 		for channel := range l.channels {
 			// If we got a response, return that error to our caller as it's
 			// going to be more descriptive than cn.Err().
@@ -646,7 +658,7 @@ func (l *Listener) resync(cn *ListenerConn, notificationChan <-chan *Notificatio
 			}
 		}
 		doneChan <- nil
-	}()
+	}(notificationChan)
 
 	// Ignore notifications while synchronization is going on to avoid
 	// deadlocks.  We have to send a nil notification over Notify anyway as
@@ -713,6 +725,9 @@ func (l *Listener) Close() error {
 	}
 	l.isClosed = true
 
+	// Unblock calls to Listen()
+	l.reconnectCond.Broadcast()
+
 	return nil
 }
 
@@ -772,7 +787,7 @@ func (l *Listener) listenerConnLoop() {
 		}
 		l.emitEvent(ListenerEventDisconnected, err)
 
-		time.Sleep(nextReconnect.Sub(time.Now()))
+		time.Sleep(time.Until(nextReconnect))
 	}
 }
 

vendor/github.com/lib/pq/ssl.go

@@ -12,7 +12,7 @@ import (
 
 // ssl generates a function to upgrade a net.Conn based on the "sslmode" and
 // related settings. The function is nil when no upgrade should take place.
-func ssl(o values) func(net.Conn) net.Conn {
+func ssl(o values) (func(net.Conn) (net.Conn, error), error) {
 	verifyCaOnly := false
 	tlsConf := tls.Config{}
 	switch mode := o["sslmode"]; mode {
@@ -45,29 +45,38 @@ func ssl(o values) func(net.Conn) net.Conn {
 	case "verify-full":
 		tlsConf.ServerName = o["host"]
 	case "disable":
-		return nil
+		return nil, nil
 	default:
-		errorf(`unsupported sslmode %q; only "require" (default), "verify-full", "verify-ca", and "disable" supported`, mode)
+		return nil, fmterrorf(`unsupported sslmode %q; only "require" (default), "verify-full", "verify-ca", and "disable" supported`, mode)
 	}
 
-	sslClientCertificates(&tlsConf, o)
-	sslCertificateAuthority(&tlsConf, o)
+	err := sslClientCertificates(&tlsConf, o)
+	if err != nil {
+		return nil, err
+	}
+	err = sslCertificateAuthority(&tlsConf, o)
+	if err != nil {
+		return nil, err
+	}
 	sslRenegotiation(&tlsConf)
 
-	return func(conn net.Conn) net.Conn {
+	return func(conn net.Conn) (net.Conn, error) {
 		client := tls.Client(conn, &tlsConf)
 		if verifyCaOnly {
-			sslVerifyCertificateAuthority(client, &tlsConf)
+			err := sslVerifyCertificateAuthority(client, &tlsConf)
+			if err != nil {
+				return nil, err
+			}
 		}
-		return client
-	}
+		return client, nil
+	}, nil
 }
 
 // sslClientCertificates adds the certificate specified in the "sslcert" and
 // "sslkey" settings, or if they aren't set, from the .postgresql directory
 // in the user's home directory. The configured files must exist and have
 // the correct permissions.
-func sslClientCertificates(tlsConf *tls.Config, o values) {
+func sslClientCertificates(tlsConf *tls.Config, o values) error {
 	// user.Current() might fail when cross-compiling. We have to ignore the
 	// error and continue without home directory defaults, since we wouldn't
 	// know from where to load them.
@@ -82,13 +91,13 @@ func sslClientCertificates(tlsConf *tls.Config, o values) {
 	}
 	// https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L1045
 	if len(sslcert) == 0 {
-		return
+		return nil
 	}
 	// https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L1050:L1054
 	if _, err := os.Stat(sslcert); os.IsNotExist(err) {
-		return
+		return nil
 	} else if err != nil {
-		panic(err)
+		return err
 	}
 
 	// In libpq, the ssl key is only loaded if the setting is not blank.
@@ -101,19 +110,21 @@ func sslClientCertificates(tlsConf *tls.Config, o values) {
 
 	if len(sslkey) > 0 {
 		if err := sslKeyPermissions(sslkey); err != nil {
-			panic(err)
+			return err
 		}
 	}
 
 	cert, err := tls.LoadX509KeyPair(sslcert, sslkey)
 	if err != nil {
-		panic(err)
+		return err
 	}
+
 	tlsConf.Certificates = []tls.Certificate{cert}
+	return nil
 }
 
 // sslCertificateAuthority adds the RootCA specified in the "sslrootcert" setting.
-func sslCertificateAuthority(tlsConf *tls.Config, o values) {
+func sslCertificateAuthority(tlsConf *tls.Config, o values) error {
 	// In libpq, the root certificate is only loaded if the setting is not blank.
 	//
 	// https://github.com/postgres/postgres/blob/REL9_6_2/src/interfaces/libpq/fe-secure-openssl.c#L950-L951
@@ -122,22 +133,24 @@ func sslCertificateAuthority(tlsConf *tls.Config, o values) {
 
 		cert, err := ioutil.ReadFile(sslrootcert)
 		if err != nil {
-			panic(err)
+			return err
 		}
 
 		if !tlsConf.RootCAs.AppendCertsFromPEM(cert) {
-			errorf("couldn't parse pem in sslrootcert")
+			return fmterrorf("couldn't parse pem in sslrootcert")
 		}
 	}
+
+	return nil
 }
 
 // sslVerifyCertificateAuthority carries out a TLS handshake to the server and
 // verifies the presented certificate against the CA, i.e. the one specified in
 // sslrootcert or the system CA if sslrootcert was not specified.
-func sslVerifyCertificateAuthority(client *tls.Conn, tlsConf *tls.Config) {
+func sslVerifyCertificateAuthority(client *tls.Conn, tlsConf *tls.Config) error {
 	err := client.Handshake()
 	if err != nil {
-		panic(err)
+		return err
 	}
 	certs := client.ConnectionState().PeerCertificates
 	opts := x509.VerifyOptions{
@@ -152,7 +165,5 @@ func sslVerifyCertificateAuthority(client *tls.Conn, tlsConf *tls.Config) {
 		opts.Intermediates.AddCert(cert)
 	}
 	_, err = certs[0].Verify(opts)
-	if err != nil {
-		panic(err)
-	}
+	return err
 }