| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Subject: | Re: Making openssl_tls_init_hook OpenSSL specific |
| Date: | 2020-04-17 01:57:09 |
| Message-ID: | 20200417015709.GI81957@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Apr 16, 2020 at 02:17:33PM +0200, Daniel Gustafsson wrote:
> Commit 896fcdb230e72 (sorry for chiming in too late, I missed that thread)
> added a TLS init hook which is OpenSSL specific: openssl_tls_init_hook. Since
> the rest of the TLS support in the backend is library agnostic, we should IMO
> make this hook follow that pattern, else this will make a non-OpenSSL backend
> not compile.
Better sooner than later, thanks for the report.
> If we make the hook generic, extension authors must have a way to tell which
> backend invoked it, so maybe the best option is to simply wrap this hook in
> USE_OPENSSL ifdefs and keep the name/signature? Looking at the Secure
> Transport patch I wrote, there is really no equivalent callsite; the same goes
> for a libnss patch which I haven't yet submitted.
>
> The attached adds USE_OPENSSL guards.
I agree that this looks like an oversight of the original commit
introducing the hook as it gets called in the OpenSSL code path of
be_tls_init(), so I think that your patch is right (though I would
have just used #ifdef USE_OPENSSL here). And if the future proves
that this hook has more uses for other SSL implementations, we could
always rework it at this point, if necessary. Andrew, would you
prefer fixing that yourself?
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2020-04-17 02:12:44 | Re: fixing old_snapshot_threshold's time->xid mapping |
| Previous Message | Patrick REED | 2020-04-17 01:57:02 | Re: Lexer issues |