| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Cryptohash OpenSSL error queue in FIPS enabled builds |
| Date: | 2022-04-23 21:40:19 |
| Message-ID: | 23922128-C918-4D92-95AC-FF45172D2474@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 22 Apr 2022, at 19:01, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> Consuming all (both) errors and creating a concatenated string seems overkill
>> as it would alter the API from a const error string to something that needs
>> freeing etc (also, very few OpenSSL consumers actually drain the queue, OpenSSL
>> themselves don't). Skimming the OpenSSL code I was unable to find another
>> example of two errors generated. The attached calls ERR_clear_error() as how
>> we do in libpq in order to avoid consuming earlier errors.
>
> This seems quite messy. How would clearing the queue *before* creating
> the object improve matters?
We know there won't be any leftovers which would make us display the wrong
message.
> It seems like that solution means you're leaving an extra error in the queue to
> break unrelated code. Wouldn't it be better to clear after grabbing the error?
> (Or maybe do both.)
That's a very good point, doing it in both ends of the operation is better
here.
> Also, a comment seems advisable.
Agreed.
--
Daniel Gustafsson https://vmware.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2022-04-24 00:59:38 | Re: Use generation context to speed up tuplesorts |
| Previous Message | David Christensen | 2022-04-23 18:43:36 | Re: [PATCH] Teach pg_waldump to extract FPIs from the WAL |