check_ssl_key_file_permissions should be in be-secure-common.c

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Postgres hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: check_ssl_key_file_permissions should be in be-secure-common.c
Date: 2018-04-02 06:51:49
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Peter, Daniel,

The recent commit 8a3d9425 which has introduced SSL passphrase support
has also added be-secure-common.c, which works similarly to
fe-secure-common.c but for the backend.

I was just reading this code area, when I noticed that
check_ssl_key_file_permissions is called by be-secure-openssl.c but the
routine is defined in be-secure.c, causing some back-and-forth between
the two files.

It seems to me that this routine should be logically put into
be-secure-common.c so as future SSL implementations can use it. This
makes the code more consistent with the frontend refactoring that has
happened in f75a959. I would not have bothered about this refactoring
if be-secure-openssl.c did not exist yet, but as it does I think that we
should bite the bullet, and do that for v11 so as a good base is in
place for the future.

A patch is attached.


Attachment Content-Type Size
0001-Make-be-secure-common.c-more-consistent-for-future-S.patch text/x-diff 7.1 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Nikhil Sontakke 2018-04-02 07:49:24 Re: [HACKERS] logical decoding of two-phase transactions
Previous Message Arthur Zakirov 2018-04-02 06:45:06 Re: json(b)_to_tsvector with numeric values