From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Subject: | Re: Inconsistent error handling in the openssl init code |
Date: | 2019-02-07 04:12:23 |
Message-ID: | 20190207041223.GI4074@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Feb 06, 2019 at 11:18:22PM +0100, Daniel Gustafsson wrote:
> The errorhandling in be_tls_init(), and functions called from it, set the
> appropriate elevel by the isServerStart. ssl_protocol_version_to_openssl() is
> however erroring out unconditionally with ERROR on invalid TLS versions. The
> attached patch adds isServerStart handling to the TLS version handling as well,
> to make be_tls_init() consistent in its errorhandling.
(Adding Peter Eisentraut in CC)
Good catch, this is an oversight from commit e73e67c7, which affects
only HEAD. The comment at the top of ssl_protocol_version_to_openssl
becomes incorrect as the function would not throw an error in a reload
context.
The current comment is that:
* If a version is passed that is not supported by the current OpenSSL
* version, then we throw an error, so that subsequent code can assume it's
* working with a supported version.
Which we could change to that:
..., then we throw an error as FATAL if isServerStart is true so as it
won't return. Otherwise, errors are logged as LOG level and return -1
to indicate trouble, preserving the old SSL state if any.
Peter, could you take care of it? Or should I?
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2019-02-07 04:17:53 | Re: bug tracking system |
Previous Message | Tom Lane | 2019-02-07 03:50:51 | Re: bug tracking system |