| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Improve errors when setting incorrect bounds for SSL protocols |
| Date: | 2020-04-29 23:14:55 |
| Message-ID: | 20200429231455.GI279958@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 29, 2020 at 01:57:49PM +0200, Daniel Gustafsson wrote:
> Working in the TLS corners of the backend, I found while re-reviewing and
> re-testing for the release that this patch actually was a small, but vital,
> brick shy of a load. The error handling is always invoked due to a set of
> missing braces. Going into the check will cause the context to be freed and
> be_tls_open_server error out. The tests added narrowly escapes it by not
> setting the max version in the final test, but I'm not sure it's worth changing
> that now as not setting a value is an interesting testcase too. Sorry for
> missing that at the time of reviewing.
Good catch, fixed. We would still have keep around the SSL old
context if both bounds were set. Testing this case would mean one
extra full restart of the server, and I am not sure either if that's
worth the extra cost here.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-04-29 23:29:43 | Re: Poll: are people okay with function/operator table redesign? |
| Previous Message | Alvaro Herrera | 2020-04-29 22:58:16 | Re: [HACKERS] Restricting maximum keep segments by repslots |