Re: Inconsistent error handling in the openssl init code

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Subject: Re: Inconsistent error handling in the openssl init code
Date: 2019-02-07 04:12:23
Message-ID: 20190207041223.GI4074@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Feb 06, 2019 at 11:18:22PM +0100, Daniel Gustafsson wrote:
> The errorhandling in be_tls_init(), and functions called from it, set the
> appropriate elevel by the isServerStart. ssl_protocol_version_to_openssl() is
> however erroring out unconditionally with ERROR on invalid TLS versions. The
> attached patch adds isServerStart handling to the TLS version handling as well,
> to make be_tls_init() consistent in its errorhandling.

(Adding Peter Eisentraut in CC)

Good catch, this is an oversight from commit e73e67c7, which affects
only HEAD. The comment at the top of ssl_protocol_version_to_openssl
becomes incorrect as the function would not throw an error in a reload
context.

The current comment is that:
* If a version is passed that is not supported by the current OpenSSL
* version, then we throw an error, so that subsequent code can assume it's
* working with a supported version.

Which we could change to that:
..., then we throw an error as FATAL if isServerStart is true so as it
won't return. Otherwise, errors are logged as LOG level and return -1
to indicate trouble, preserving the old SSL state if any.

Peter, could you take care of it? Or should I?
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2019-02-07 04:17:53 Re: bug tracking system
Previous Message Tom Lane 2019-02-07 03:50:51 Re: bug tracking system