Re: pgsql: Send ALPN in TLS handshake, require it in direct SSL connections

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Andres Freund <andres(at)anarazel(dot)de>, Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>
Cc: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: Re: pgsql: Send ALPN in TLS handshake, require it in direct SSL connections
Date: 2024-04-08 02:06:38
Message-ID: 0f022354-c9cc-47c2-ace3-89d2101895f4@iki.fi
Lists: pgsql-committers

On 08/04/2024 04:50, Andres Freund wrote:
> On 2024-04-08 01:25:40 +0000, Heikki Linnakangas wrote:
>> Send ALPN in TLS handshake, require it in direct SSL connections
>>
>> libpq now always tries to send ALPN. With the traditional negotiated
>> SSL connections, the server accepts the ALPN, and refuses the
>> connection if it's not what we expect, but connecting without ALPN is
>> still OK. With the new direct SSL connections, ALPN is mandatory.
>>
>> NOTE: This uses "TBD-pgsql" as the protocol ID. We must register a
>> proper one with IANA before the release!
>>
>> Author: Greg Stark, Heikki Linnakangas
>> Reviewed-by: Matthias van de Meent, Jacob Champion
>
> My compiler complains:
>
> [396/992 42 39%] Compiling C object src/backend/postgres_lib.a.p/libpq_be-secure-openssl.c.o
> ../../../../../home/andres/src/postgresql/src/backend/libpq/be-secure-openssl.c: In function 'alpn_cb':
> ../../../../../home/andres/src/postgresql/src/backend/libpq/be-secure-openssl.c:1327:69: warning: ordered comparison of pointer with integer zero [-Wextra]
> 1327 | if (*out == NULL || *outlen > sizeof(alpn_protos) || outlen <= 0)
> | ^~
> [991/992 1 99%] Linking target src/bin/pg_dump/pg_dump
>
> And I think it may show why the warning is a good idea - I assume
> "*outlen <= 0" was intended?

Yes. Fixed, thanks!

--
Heikki Linnakangas
Neon (https://neon.tech)
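
The pointer-versus-value mix-up discussed in this message, as an added C example that is not part of the thread or of PostgreSQL's source. `select_proto`, `result_ok_flagged` and `result_ok_fixed` are hypothetical names and the client offer is constructed; the flagged check is written as the NULL test that the pointer comparison reduces to in practice, so the block compiles without the warning.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the alpn_protos array named in the warning: ALPN wire
 * format (1-byte length, then name); "TBD-pgsql" is the commit's placeholder ID. */
static const unsigned char alpn_protos[] = {9, 'T','B','D','-','p','g','s','q','l'};

/* Hypothetical selector (not a TLS library call): finds the first client entry
 * equal to the single alpn_protos entry. Returns 1 on a match, 0 otherwise. */
static int select_proto(const unsigned char **out, unsigned char *outlen,
                        const unsigned char *cli, size_t clilen)
{
    size_t i = 0;
    *out = NULL;
    *outlen = 0;
    while (i < clilen) {
        size_t n = cli[i];
        if (n == 0 || n > clilen - i - 1)
            return 0;                       /* malformed list: reject */
        if (n == alpn_protos[0] && memcmp(cli + i + 1, alpn_protos + 1, n) == 0) {
            *out = cli + i + 1;
            *outlen = (unsigned char) n;
            return 1;
        }
        i += 1 + n;
    }
    return 0;
}

/* Check as flagged: "outlen <= 0" tests the pointer, which in practice holds
 * only for NULL, so a non-NULL result with length 0 is accepted. */
static int result_ok_flagged(const unsigned char *out, const unsigned char *outlen)
{
    return !(out == NULL || *outlen > sizeof(alpn_protos) || outlen == NULL);
}

/* Check as intended: test the selected length itself. */
static int result_ok_fixed(const unsigned char *out, const unsigned char *outlen)
{
    return !(out == NULL || *outlen > sizeof(alpn_protos) || *outlen == 0);
}

int main(void)
{
    const unsigned char offer[] = {2, 'h','2', 9, 'T','B','D','-','p','g','s','q','l'};
    const unsigned char *out;
    unsigned char outlen, zero = 0;
    int ok = select_proto(&out, &outlen, offer, sizeof(offer)) && result_ok_fixed(out, &outlen);
    return (ok && result_ok_flagged(offer, &zero) && !result_ok_fixed(offer, &zero)) ? 0 : 1;
}
```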
