Re: Improve errors when setting incorrect bounds for SSL protocols

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Improve errors when setting incorrect bounds for SSL protocols
Date: 2020-02-07 00:33:35
Message-ID: 20200207003335.GO23913@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Feb 06, 2020 at 11:30:40PM +0100, Daniel Gustafsson wrote:
> Or change to the v1 patch in this thread, which avoids the problem by doing it
> in the OpenSSL code. It's a shame to have generic TLS functionality be OpenSSL
> specific when everything else TLS has been abstracted, but not working is
> clearly a worse option.

The v1 would work just fine considering that, as the code would be
invoked in a context where all GUCs are already loaded. That's too
late before the release though, so I have reverted 41aadee, and
attached is a new patch to consider with improvements compared to v1
mainly in the error messages.
--
Michael

Attachment Content-Type Size
ssl-proto-context-v3.patch text/x-diff 5.4 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2020-02-07 00:37:55 Re: Getting rid of some more lseek() calls
Previous Message Thomas Munro 2020-02-07 00:01:09 Re: typedef SegmentNumber